ASK AWAY
MIGRATING TO IPv6
WHAT SECURITY ISSUES SHOULD I CONSIDER WHEN MIGRATING TO IPV6 FROM IPV4?
The transition to IPv6 from IPv4 is not a question of if, but when. While there’s some debate about when all IPv4 numbers will be totally exhausted, it doesn’t hurt to begin plotting a migration strategy now. It just might help during your next product refresh cycle. Below are three steps companies should take when mapping out a comprehensive IPv4 to IPv6 rollout.
Step 1 — Inventory: IPv6 will affect every device and application in a network. The first step towards a successful migration is to conduct an inventory of all of the devices that are currently connected to the network.
Step 2 — Research: After taking inventory, review each vendor’s IPv6 roadmap and timeframe for full compliance. This research will reveal both the level of preparedness of your vendors and whether the device requires a simple software update or a complete hardware refresh.
Be sure to look under the hood: It’s important to make sure your vendors will deliver feature parity in IPv6. For example, in the network security industry, many vendors say they support IPv6. However, being able to pass an IPv6 data packet from one side of a firewall to another is not the same as being able to perform deep packet inspection and detect malicious content or unwanted applications.
Don’t believe everything you read: Make sure you can validate the vendor’s claim. In network security, this translates into testing a product’s ability to detect and block the same threats in IPv6 that it detected under IPv4. What’s more, there may be a drop in performance for IPv6 traffic, as some vendors will not provide hardware-based acceleration in IPv6, like they do for IPv4 traffic today.
Look across the vendor’s entire product line: Is the vendor shipping IPv6-compliant products designed for your market segment or is it delivering only select products in an attempt to satisfy its higher-end customers?
Check the product’s certifications: Even though many vendors claim to be IPv6 compliant, it is still good to check if the product under evaluation has been certified by a respected, vendor-neutral third party, such as JITC (U.S. Defense Department certification).
Step 3 — Budget: Last but not least, once you have identified those systems for which you need to purchase upgrades (either hardware or software) you’re going to have to find a way to pay for them. The sooner you understand these IPv6-related costs, the easier it will be for you to integrate them within your normal device refresh cycle. The last thing you want to do is to have to explain why you need an emergency budget to address a problem that the industry has known about for years.
Graham Bushkes is the vice president of sales, Canada for Fortinet, a worldwide provider of network security appliances and unified threat management solutions.
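Added example (not part of the original article): one way to start the Step 1 inventory is to correlate a gateway's IPv4 and IPv6 neighbour tables by MAC address, which shows which devices already run an IPv6 stack and which still need a vendor roadmap review. The sample `ip neigh` output, the addresses and the status labels are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip -4 neigh` and `ip -6 neigh` output from a gateway.
NEIGH_V4 = """\
192.0.2.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.11 dev eth0 lladdr 00:11:22:33:44:66 STALE
192.0.2.12 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
192.0.2.13 dev eth0  FAILED
"""
NEIGH_V6 = """\
fe80::211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8::10 dev eth0 lladdr 00:11:22:33:44:55 router REACHABLE
fe80::211:22ff:fe33:4488 dev eth0 lladdr 00:11:22:33:44:88 STALE
fe80::211:22ff:fe33:4466 dev eth0 lladdr 00:11:22:33:44:66 STALE
"""

def parse_neigh(text):
    """Yield (ip, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:  # FAILED/INCOMPLETE entries have no MAC
            mac = fields[fields.index("lladdr") + 1].lower()
            yield ipaddress.ip_address(fields[0]), mac

def inventory(v4_text, v6_text):
    """Group addresses by MAC and label each device's IPv6 status."""
    addrs = defaultdict(list)
    for ip, mac in list(parse_neigh(v4_text)) + list(parse_neigh(v6_text)):
        addrs[mac].append(ip)
    report = {}
    for mac, ips in addrs.items():
        v4 = [ip for ip in ips if ip.version == 4]
        v6 = [ip for ip in ips if ip.version == 6]
        if not v6:
            report[mac] = "ipv4-only"             # check vendor roadmap
        elif not v4:
            report[mac] = "ipv6-only"
        elif any(not ip.is_link_local for ip in v6):
            report[mac] = "dual-stack"            # routable IPv6 in use
        else:
            report[mac] = "ipv6-link-local-only"  # stack on, not addressed
    return report

if __name__ == "__main__":
    for mac, status in sorted(inventory(NEIGH_V4, NEIGH_V6).items()):
        print(mac, status)
```

Devices labelled `ipv6-link-local-only` or `ipv6-only` are already speaking IPv6 on the segment, so they belong in the inventory even if no one has deliberately enabled it.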
TABLETS & SMART PHONES
SEVERAL OF THE CORPORATE EXECUTIVES IN MY COMPANY WANT TO USE THEIR IPADS AND ANDROIDS FOR DAILY BUSINESS USE. WHAT SHOULD I TELL THEM?
Simply put, “no” is not the answer! The wave of business managers who want to use new tablet devices and smart phones for business purposes is growing, and at this point in time they probably won’t accept “no” for an answer. Consumer-driven IT has evolved with amazing speed since the release of the first iPad and it is accelerating with the release of each new communications tool (or gadget). This has put security professionals between a rock and a hard place: they want to accommodate the executives, but have not found a set of proven best practices for securely incorporating tablet and other consumer devices into the business network. To accommodate all these new devices, consider taking these three steps while a set of best security practices begins to evolve for this new computing landscape.
1. Set up a guest wireless LAN that is not part of your internal corporate network, or at least without direct access to your Intranet. Just like a hotel wireless facility, anyone can join this Wi-Fi network, but they can’t do anything on it until they register.
2. Employ the use of SSL VPN. They’ve become common in many organizations as a replacement for IPSec VPNs. Many SSL VPN providers offer a client that can be used from these tablet and smart phone operating systems.
3. Implement stronger forms of authentication for use from these new devices. There are a number of advanced authentication options that provide a seamless user experience, thus offering you control of how and to whom these authentication credentials are issued.
With these three measures, you can better secure your network and your communications, as well as provide assurance on the identity of the user.
Tarun Khandelwal is a senior solution strategist for security solutions with CA Technologies in Canada.
36 SECURITY MATTERS • FALL 2011