What We’re Reading: Week of 12/31

CSO – Could China blocking VPNs lead to spying on business?
IT Business Edge – BYOD in 2013: Yes, It Is Going to Get Worse
Ars Technica – IPv6 takes one step forward, IPv4 two steps back in 2012
eWeek – Targeted Attacks, Weak Passwords Top IT Security Risks in 2012

Q&A with Swen Baumann, product manager at NCP engineering

We recently spoke to NCP engineering’s Swen Baumann about split tunneling and its role in IPv6, and how to best deploy it when working remotely. 

VPN Haus: How is split tunneling impacted by IPv6 dual-stack networking?

Swen: The main thing to remember is, split tunneling needs to be specifically configured. For instance, in a “dual-stacked” world – which implements both IPv4 and IPv6 stacks — you will have to configure either both or just only one, depending on which stacks you plan to use. Once you’ve completed this configuration, split tunneling will be processed — no matter if the traffic is IPv4 or IPv6. Simply put, to enable split tunneling on IPv6, you only need to configure the stack – but otherwise it should run smoothly.

VPN Haus: How does split tunneling differ from inverse split tunneling?

Swen: I know it’s stating the obvious, but it’s inverse. Here’s what that means. With conventional split tunneling you configure some networks that are to be processed within the tunnel, which means there are others not be taken into the tunnel. With inverse split tunneling it is just the other way round. You configure those networks that are not be processed through the tunnel and all the rest will be taken into the tunnel. In other words, split tunneling becomes the rule — not the exception.

VPN Haus: In cases of split tunneling for the home office, do you recommend the corporate VPN be set as the default gateway to first route all traffic, dropping those requests deemed unnecessary to secure?

Swen: Usually yes. But ultimately, it depends on the security policies of the company. Generally, the recommended approach is to direct all of the traffic into the corporate tunnel, so that all of the company’s security protocols can apply to the traffic and fulfill the organization’s security needs.

IPv6 Day 2012 – The Aftermath

Now that we’ve had a few weeks to consider the aftermath of IPv6 Day 2012, we wanted to look into what the industry is saying are the key takeaways – so far – from this year’s event, in which thousands of organizations switched over to IPv6 – permanently. After all, IPv4 website addresses are essentially exhausted, while IPv6 has more than 340 trillion addresses, according to the Internet Society. This, the organization points out, is an IPv4 address for every star in the universe. Mind-boggling, right? Here’s what else people are saying:

IPv6 traffic didn’t spike on World IPv6 Day, but did see a gradual and significant increase starting two weeks before the actual day, 6 June, according to Arbor Networks. Internet Protocol version 6 traffic grew from 0.06 per cent to 0.15 per cent in that period, it said…The increased levels of IPv6 traffic has been steady since the event, Arbor added. “This shows that hopefully many of the newly enabled IPv6 services are here to stay – another important milestone on the road to ubiquitous IPv6 adoption.” – Adam Bender, ComputerWorld

While the commitment to always-on v6 was a big one, some experts predicted that we wouldn’t see a big jump in traffic rates during this year’s World IPv6 Launch. The reason for this was that many of the providers who are committing to v6 had already turned up their networks ahead of the launch and would be running the day of the event. However, Owen DeLong, IPv6 evangelist for Hurricane Electric, predicted a small spike in traffic would occur on June 6, followed by a leveling off and gradual move upward in traffic rates. He forecast that v6 traffic rates would “at least double if not quadruple again, possibly more, in the next year.” – Samantha Bookman, FierceTelecom

What are your predictions for IPv6 moving forward? Also, you can download your own copy of the World IPv6 infographic at www.worldipv6launch.org/infographic.

What We’re Reading, Week of 6/4

PCWorld – IPv6: Five Things You Should Know
Computerworld – Security Manager’s Journal- Time for a mobile-security upgrade
Computerworld – Mobile devices bring cloud storage — and security risks — to work
Dark Reading – IPv6 Arrives, But Not Everywhere

IPv6 Day 2012 – What Does It Mean?

By Nicholas Greene

IPv6 Day 2012 is just a day away on June 6. For those just getting up to speed, here’s the back story. IPv6 Day started in 2011 when over a thousand major website hosting organizations and ISPs — including Google, Facebook, Akamai, and Yahoo — got together in order to execute a global ‘test flight’ of IPv6 over the course of several days. This helped them expose a number of potential issues involved with a full implementation of IPv6, in addition to allowing them to take the new protocol for a spin, and prepare for the inevitable shift. Last year’s experiment went without any major hiccups and we also discovered that IPv4 and IPv6 are capable of playing nice with one another– a rather important factor in implementing the new protocols. After 24 hours of testing, the organizations shifted their websites and services back to the old standard.

This year, they’ll be switching over again…but this time, they won’t be switching back. With that in mind, it isn’t difficult to see why June 6 is a rather important day.  We’re pretty much about to witness history in the making, in a manner of speaking.

Since IPv6 Day 2011, all the organizations involved have been busying themselves getting their content delivery networks and services primed and ready for the big day.  One question remains- how will the global launch of IPv6 change the Internet as we know it? What effect will it have on how people browse? How will it revolutionize security and connectivity?

The first thing you need to know about World IPv6 day is that the distribution of IPv6 is going to be neither immediate nor incredibly widespread- at least, not at first. Many businesses are thoroughly committed to the idea of implementing IPv6 over IPV4…but the trouble is, not all of their customers can handle the new standard. Take Time Warner Cable and Comcast, for example, who both revealed that 30% of their consumers use Windows XP, which isn’t IPv6 ready out of the box, and  another 70% use routers that have no support for IPv6.  With this in mind, it should be clear that the advent of IPv6 doesn’t mean IPV4 is going to simply be tossed by the wayside- far from it.

Ultimately, the goal that’s been set for World IPv6 day is for organizations to shift 1% of their worldwide consumer base from IPV4 over to IPv6. It may seem minor, but given how many consumers are still using older hardware and software…it’s actually a rather ambitious objective.

IPv6’s launch will undoubtedly modernize a number of midmarket networks, writes Chris Crum of Netpro News, and will most definitely be a big deal for enterprise organizations- both within and without of the tech industry. Even in light of this, it’s going to be a very subtle shift.

So, we’ve addressed users, networking, and co-existence with IPV4. Now it’s time to take a look at the elephant in the room- network security.

We’ve already discussed at length some of the benefits of IPv6, and tackled a number of myths regarding the new protocol. Perhaps one of the most prevalent myths, if you’ll recall, regarded the labyrinthine dinosaur that was Network Address Translation. While the launch of IPv6 might not signify the de facto death of NAT, it will signify the slow fade of the translation protocol into obscurity. Ultimately, as we’ve detailed already, this will carry with it considerable benefits for the ‘net.

These include easier implementation of IPsec, smoother infrastructure, automatic encryption of all IPv6 network data, and integrated support for mobile. Of course, the IPv6 launch isn’t without its fair share of pitfalls, either. Ideally, we’d want IPv6 to have a smooth, instantaneous implementation- with everybody using high-encryption, high-security networking systems, and tossing the outdated IPV4 to the wayside.

As with most situations, in reality, things get much…messier.

If anything, we might actually see things getting even more complex for a while as a result of IPv6’s implementation, and as organizations turn to a wide array of technologies in order to bridge the gap between the two suites, fragmentation might rear its ugly head. It’s easy to see how this could end up becoming even more complex than what we’ve currently got in place, and how this could easily lead to misconfigured networking systems and a whole new plethora of security risks- to say nothing of some of the currently applicable exploits (such as router impersonation) and other security risks that might surface as we begin the transition.

Even so, IPv6 should be seen as a net positive for the Internet- and for network security, and IPv6 day should be something we’re looking forward to, rather than dreading. After all, it’ll eventually prove to be a giant leap forward for both Internet technology and network security, and completely eliminates the IP address exhaustion issue.

For the time being, though…rather than a giant leap, we’re taking baby steps.