Author Chris Jackson on Network World presents the top
concerns from a security prospective. The most important concern, states Jackson, is how to continue services without killing access or opening the doors to vulnerabilities from another protocol. Tunnelling,
network address translation and firewall policies are all discussed in this article.
“Network Address Translation: I don’t have any statistics on this one, but I would bet that you would be hard pressed to find any organizations that are not doing NAT somewhere in the network. With 340 trillion groups of a trillion addresses, IPv6 makes NAT seem as archaic as 14th century plumbing. Every device will have a globally routable ip address, with policy handled at the firewall. While not preforming NAT may sound like heresy to security people, its value is really questionably in an IPv6 world. Typical network scanning tools like NMAP have no ability to scan an IPv6 subnet because of the sheer number of potential addresses. Network reconnaissance attacks will focus on DNS to find hosts to target. NAT will be used to translate between IPv4 and IPv6 during the migration, but after that its days are numbered.”