Distributed security policy for IPv6 deployment

Abstract

Internet Protocol version 6 (IPv6) is a next generation protocol that is designed to solve the problem of the current Internet Protocol version 4 (IPv4) depletion. With IPv6, almost anything in the world can be assigned an IPv6 address which makes communication between every single person to another possible. Besides, monitoring and sensing every single node or instrument can be done due to each item has its own IPv6 address. Realizing the features of IPv6, enterprise networks have begun deploying IPv6. Although they have not decided to deploy IPv6, IPv6 packet is possibly already in the network due to the most present operating systems supporting IPv6 and IPv6 enable is set as default. Deploying IPv6 in the existing IPv4 network results in coexistence of both protocols in the network. Thus, the coexistence condition exposed enterprise's network to higher probability of vulnerabilities and attacks. Hence, several security policies should be created to maintain security for both IPv4 and IPv6. A proper mechanism to manage the policies to ensure a secure IPv6 deployment is a necessity. Since enterprises have many branches and counterparts, it is essential to have a mechanism to distribute the policies among their branches or subnets. Therefore, the proper mechanism to distribute the security policy which will also support the green computing environment should be formed.