US Air Force Request For Proposals

AF083-041 TITLE: Assurance Validation of Commercial Products Containing IPv6 Transition and Tunneling Mechanisms on the Air Force Network TECHNOLOGY AREAS: Information Systems OBJECTIVE: Develop innovative solutions to validate that IPv6 transition and tunneling mechanisms are only utilized by authentic and authorized users. DESCRIPTION: Many, if not most Commercial off-the-shelf (COTS) products, including varied operating systems, applications, transition protocols and routing software as well as hardware appliances like firewalls and intrusion detection systems, are capable of communicating via native Internet Protocol version 6 (IPv6) and/or by means of built-in mechanisms to tunnel IPv6 traffic over existing Internet Protocol version 4 (IPv4) networks. These capabilities could be introduced without authorization or knowledge of DoD/Air Force network managers and introduce addtional risks and security vulnerabilities. While effective configuration management can reduce these risks, enhanced monitoring and detection may be the necessary step to validate as well maintain assurance, especially as the move to a dual stack environment per DoD direction will generate authorized users of IPv6 tunnels at a slow but steady pace. A dual stack enviroment is defined in this case as a network with both IPv4 and IPv6 traffic communicating simultaneously. When both IPv4 and IPv6 are being used, as in a transition environment between IPv4 and IPv6, the depth of security security defenses is reduced significantly, allowing unsolicited incoming messages and bypassing certain network controls.

Click here to get the file