A compelling case can be made for the implementation of IPv6, a replacement for the hugely successful but limited IPv4 protocol. Furthermore, in an important sense IPV6 is already here. Most network equipment and operating systems created in the last several years are IPV6 capable. This de-facto transition poses important security risks. Dual-stack nodes have mechanisms for accessing both IPV4 and IPV6 networks. As transition mechanisms have been developed, the security considerations have been reasonably well documented, but information assurance policies and enforcement mechanisms need to take into account the security implications of this new technology. There is clearly a need for a tool which aids administrators in dealing with the security threats posed by a transitional environment. mZeal Communications proposes a product which is intended to fill this need, Expert Validation of IPV4/6 in Transitional Areas (EVISTA). EVISTA is envisioned to be self-configuring, expert system which specializes in identifying and neutralizing security gaps and active threats in a wide variety of transitional environments. It will contain software agents that collect information about the network, both from a static and dynamic standpoint, and a rule-based inference engine, used to intelligently identify how to defeat threats in its host environment.
Benefit: The anticipated benefits of EIVSTA could be quite significant, due to its widespread potential applicability. Near-term commercial opportunities exist in areas relating to the DOD. This is due in part to fact that mZeal has several years of experience in working with the military on a variety of projects, and therefore have a high degree of familiarity with defense-related organizations. Additionally, per DOD mandate, all DOD agencies must have become technically IPv6 compliant as June 2008. This implies that most of them are at some level of transition, which is exactly the type of environment to which the EVISTA system is targeted. There is also the scenario for deployment of EVISTA in tactical networks. The promise of IPv6 is power at the edge, which implies its usefulness in tactical environments. The ability to detect and automatically disable an intrusive, potentially crippling attack on the network actively involved in a battle scenario represents a powerful capability in a tactical system. For the longer term, in a vein similar the DOD, the OMB has also mandated that all Federal agencies have become IPv6 capable by now. Given the sheer size and scope of the Federal government, this represents a significant potential market for EVISTA. Ultimately, the largest potential market is the totality of the users of the worldwide internet. As mentioned previously, government organizations in multiple countries are actively advocating for a transition to IPv6. Since the US has a relatively large portion of the IPv4 address space, rapidly developing countries such as China and India have additional incentive to move to IPv6. Other countries have similar concerns and are likely to follow suit including, eventually, the U.S. Since the conversion to IPV6 is predicted to take place gradually, rather than overnight, the need for a transitional threat detection and elimination product such as EVISTA projects to be significant and prolonged.
Keywords: Security, Ipv6, Transition, Tunnel, Expert, Threat Detection, Prevention