The Future of Firewall Policies

The majority of today's firewalls have only IPv4 source and destination address objects in their policies. However, many of our firewalls are IPv6-capable and allow security administrators to configure either IPv4 or IPv6 policies. Over time, maintaining two firewall policies will become burdensome.

Read more

I Want IPv6 for Christmas - Part II

Many years ago I wrote about the items that a person could buy for Christmas that include IPv6. The results were fairly sparse three years ago. Unfortunately, not much has changed. It is not easy to find IPv6-related gifts to give to your loved-ones this holiday season. Even if you have been extremely good this year, you may get a lump of coal in your IPv6 stocking.

Read more

Measuring IPv6 Growth

People have debated the rate of adoption of IPv6 for years. Many people estimate the worldwide use of IPv6 through their own knot-hole view of the Internet. It is difficult to determine the amount of IPv6 traffic on the Internet because it depends on where you measure. The estimates and measurements have varied widely, but one thing is consistent; the amount of IPv6 Internet traffic is increasing.

IPv6 Deployment Aggregated Status

Read more

Techniques for Prolonging the Lifespan of IPv4

IPv6 proponents have long been predicting the death of IPv4 to get the industry to recognize the importance of IPv6. Although IPv4 address exhaustion has occurred many organizations are still uncertain about the next steps. It is clear that IPv4 is going to be with us for decades to come and there are strategies to prolong the lifespan of IPv4. Are these strategies worthwhile or are they distracting and confusing the industry from moving to IPv6?

Read more

Death to Firewalls; Long Live Firewalls

Firewalls have been slowly changing over the years as their network architectures have been evolving. Firewalls are becoming more decentralized and becoming increasingly virtualized. As firewalls move from solely located at the perimeter inward toward the servers, many other changes are taking place. The pendulum of centralized versus distributed systems continues to swing back and forth as the industry finds the optimal equilibrium for security architectures.

Read more

Peeling the Security Onion

Setting up a properly installed and well-tuned IDS/IPS system can be time consuming. If you have ever tried to set up a fully-functional Snort system, you are familiar with the time it requires. If you want to get an IPv6-capable IDS system up and going quickly then you should look at Security Onion. Once you get it working there are also some low-cost alternatives to capture the packets and observe them.

IPv6 Security with Snort

Read more

Stronger IPsec VPN Configurations Needed

The use of IPsec is pervasive throughout the networking industry. However, many organizations are using IPsec in sub-optimal configurations that result in weaker connection security. Many organizations use IPsec with pre-shared keys and weak encryption algorithms and no form of authentication. Organizations should reconsider how they are using IPsec to ensure it provides maximum security for their organization's private communications.

Read more

Firewall Administration Techniques and Tools

Firewalls can be difficult to manage. Often times rules lack granularity due to a lack of understanding of the application traffic or trying to keep up with the speed of business. Firewalls get more and more rules added to their policies to the point of becoming "Swiss cheese". Don't give up hope because there are methods and tools available to help you gain control of your firewall policies.

Read more

New IPv6 DNS and BIND Book

I was excited when I saw that Cricket Liu published an update to his popular DNS & BIND book covering the IPv6-specific details of DNS. I rushed right out and pre-ordered "DNS & BIND on IPv6". Enabling your DNS servers for IPv6 is an important step in your Internet-edge IPv6 implementation strategy. This book covers all the pertinent information BIND DNS administrators need to get started with IPv6.

Read more

World IPv6 Day Results: New Internet Protocol Proves It's Ready

Today was a significant day in the development of IPv6. Today is IPv6's Bar Mitzvah, Baha'i, Shinbyu ceremony, Genpuku ceremony and Quinceañera all rolled into one. It was a day where IPv6 could prove to the world that it was ready for duty as the Internet Protocol successor to IPv4. Those are pretty big shoes to fill and IPv6 has had some stumbles in the past decade. This article covers what was learned by this big Internet experiment.

Read more

Preparing for World IPv6 Day

World IPv6 Day (June 8, 2011) is approaching in about a week. This will be a landmark day for IPv6 Internet connectivity and IPv6-capable content providers. You will want to be prepared for this historic day in networking. This article will give you the background on what is happening on that day and how to help your organization be ready for the fun.

Read more

Troubleshooting IPv6 Networks and Systems

Whether your organization has deployed IPv6 or not, you may end up troubleshooting IPv6-related issues as other nodes on the Internet move to dual-protocol connectivity. We need to consider how the introduction of IPv6 will change the way we troubleshoot networks, now that we are operating in a dual-protocol world. This article will focus on troubleshooting dual-protocol applications running on dual-protocol servers over a dual-protocol network.

Read more

Rocky Mountain IPv6 Summit has Avalanche of Attendees

Last week the 4th annual Rocky Mountain IPv6 Summit event took place in Denver Colorado. The attendance was larger than previous years and gave a strong indication that organizations are increasingly interested in IPv6. The conference showed that organizations and manufacturers and service providers are keenly focused on migrating to IPv6 in the coming years. This article shares some of the highlights of the conference.

Read more

Cost of Running an IPv4 Network Will Increase

Many in the industry realize that as we migrate to IPv6 there will be a day when IPv4 is not needed anymore. However, that transition seems daunting and may take decades. In the meantime, organizations will need to maintain both an IPv4 and IPv6 infrastructure adding to the total costs of an IT environment. Over time, the costs of operating an IPv4 network will increase compared to running an IPv6-only network.

Read more

IPv6 Training Resources

You would think that with the announcements that IPv6 is coming "any day now" for the past 10 years that organizations would be more knowledgeable about IPv6. However, just the opposite is true and organizations are facing an "IPv6 brain drain". Organizations who have failed to get their IT staff critical knowledge about IPv6 will soon find themselves in desperate need of IPv6 experience.

Read more

Cisco USB Console Ports

For years I have been wondering when Cisco would activate the USB ports on their devices. I have been hoping for all kinds of USB functionality to routers, switches, firewalls but Cisco has been slow to unlock the power of these USB ports. Wouldn't it be cool if you could connect the myriad of USB devices to a Cisco router to further the list of amazing things you could do? Cisco has started to put mini-USB ports on their devices to allow for console port connectivity.

Read more

Recent Annual Security Reports - Valuable Insight on Internet Threats

In the past I have written about annual security reports that many vendors and other organizations publish. We can learn a lot about the state of Internet security threats from the research that these reports share. The attackers share data among themselves so security practitioners also need to collaborate. There have been many new reports published since my last article on this subject. I wanted to keep you up to date on the latest reports and the findings that I think at the most interesting.

Read more

When it Comes to IPv6; Go Native

As the world's supply of IPv4 addresses diminishes it is definitely time to work on your IPv6 deployment plans. As your organization enables IPv6 on their public web sites you should consider the "IPv6 Brokenness" on the Internet. However, you shouldn't necessarily let that stop you from deploying native dual-protocol Internet connectivity. I encourage you to be brave and go native.

Read more

Top 10 Tasks for IPv6 Application Developers

Many IT people, who are unfamiliar with IPv6, believe the responsibility for IPv6 deployment falls on the network-teams. However, those who are knowledgeable about IPv6 realize the migration to IPv6 will involve any system that uses an IP address. As the network teams prepare the infrastructure for the addition of IPv6 we should alert our application developers and make sure they are ready for the challenge that awaits. This article contains some of the key issues that application developers will need to know as they make their applications function properly in a multi-protocol world.

Read more

IPv6 New Year Predictions

Last year I made some predictions for 2010. I commented that there were many "Easy Predictions" and those, for the most part, came true. Let's see how I did on my predictions for 2010 and try to predict what will happen in 2011. I also have some predictions for 2011 that are related to IPv6 adoption, as 2011 will be an important year for IPv6.

Easy Predictions

Read more