New NSA security guidelines for IPv6 transition issued

SecurityWeek reports that the National Security Agency has released new Internet Protocol version 6 transition recommendations aimed at helping federal agencies address cybersecurity risks involving the shift to the newer internet protocol. While both IPv6 and IPv4 share similar security issues, the Department of Defense and other system administrators may face new issues in IPv6, including the absence of mature configuration and network security tools, as well as inadequate administrator experience, according to the NSA. Expected dual-stack operation, or simultaneous IPv4 and IPv6 implementations, is also poised to raise cyber risks. Federal and DoD network administrators have been urged by the NSA to leverage a Dynamic Host Configuration Protocol version 6 server for assigning addresses to hosts to avert concerns regarding stateless address auto-configuration privacy. The NSA also recommended against tunnel use for packet transporting in an effort to curb attack surface. Necessary IPv6 training and education should also be given to network administrators. "While there are convincing reasons to transition from IPv4 to IPv6, security is not the main motivation. Security risks exist in IPv6 and will be encountered, but they should be mitigated with a combination of stringently applied configuration guidance and training for system owners and administrators during the transition," said the NSA.