The National Security Agency has released security guidance to help the Department of Defense and other system administrators implement the latest version of the Internet Protocol.
NSA said Wednesday the IPv6 Security Guidance outlines a set of recommendations on how DOD and other federal organizations can maintain awareness of and prevent potential security concerns as they transition to the next-generation protocol from the legacy IPv4 networks.
According to the agency, networks new to the protocol lack maturity in IPv6 configurations and tools and devices that run on IPv4 and IPv6 simultaneously have an increased attack surface.
“The Department of Defense will incrementally transition from IPv4 to IPv6 over the next few years and many DoD networks will be dual-stacked,” said Neal Ziring, cybersecurity technical director at NSA.
To address emerging security issues, NSA recommends that organizations assign IPv6 addresses to a host via a Dynamic Host Configuration Protocol version 6 server; avoid tunnels to reduce complexity and the attack surface; utilize cybersecurity mechanisms that support both IPv4 and IPv6; and provide appropriate and sufficient training and education to network administrators.
