Reports Urge Caution in Switching to IPv6, Voice Over Internet Protocol

GAO urges IT staff to inventory existing IPv6-compatible equipment and develop a strategic plan for implementing IPv6, while a NIST report outlines security issues with the implementation of voice-over-IP networks

May 24, 2005

On Friday, the Government Accountability Office released a report analyzing preparedness at federal agencies for Internet Protocol Version 6 (IPv6). IPv6 is a new standard for giving computers addresses on a network or the Internet, which dramatically increases the number of available addresses, increases flexibility and enhances security.

The 4.3 billion addresses supported by the current Internet protocol, IPv4, are not expected to be sufficient for the future worldwide growth of the Internet. The Internet protocol provides the addressing mechanism that defines how information such as text, voice and video is moved across the Internet. With IPv6, the number of available addresses is well over hundreds of trillions, providing the needed room for growth.

The GAO urged agency IT staff to be aware that IPv6-compatible hardware is already installed in agency networks. The GAO recommended making an inventory of IPv6-compatible hardware on agency networks, assessing the security risks of the new standard and taking other measures involved with developing a strategic plan around the implementation of IPv6. The report also warned that IPv6 is still vulnerable to manipulation, meaning an attacker could abuse features of the new standard to allow otherwise unauthorized network traffic or make agency computers accessible directly from the Internet.

Earlier this month, the National Institute of Standards and Technology issued a report that came to similar conclusions about both public and private sector voice-over-IP (VoIP) networks. Challenges outlined in that report include the need to protect both voice and data on a VoIP network, because the data travels over the Internet instead of through traditional phone networks, and the need to protect against denial-of-service attacks that can crash a VoIP device or a device running VoIP software.