Currently, the dominant internetworking protocol is Internet Protocol version 4 (IPv4). Yet, each IPv4 address is limited to a thirty-two bit field length, which corresponds to a maximum of approximately four billion unique internetworking addresses. IPv6 is the next generation of IP messaging that uses a one-hundred-twenty-eight bit field length, resulting in an enormous increase of supportable unique addresses. In fact, the new allotment will permit every person on this planet to have over four billion internetworking addresses!

Potential IPv6 conversion issues are internetworking device computational and/or bandwidth overhead, which in turn can impact communication performance. End-users who are planning migration to IPv6 as well as designers and implementers of IPv6, must understand the technology in order to assess the risks associated with this paradigm shift and prepare effective and efficient responses.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part VI” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”

The IPSec model is an architecture composed of standard rules for protecting IP traffic. IPSec is also a set of protocols utilized to secure IP packet exchanges that operate at the Internet Layer of the TCP/IP reference model. IPSec utilizes certificates and Public Keys to authenticate and validate the sender and receiver.

Tunnel and Transport are the two telecommunication modes supported by IPSec. IPSec standard rules can be incorporated into transport and tunnel mode encapsulation. As a distinctive feature, Tunnel mode provides two additional header records for sending messages, thus requiring more processing. In addition, Tunnel mode is usually implemented between two gateways or a gateway and server.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part V” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”

IPSec network security capabilities

Internetwork security is integrated into the design of the IPv6 architecture, and the IPv6 ITEF specification mandates support for IPSec as a fundamental interoperability requirement.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part IV” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”

Datagram transmission across multiple IP networks

Packet switching is commonly employed to optimize available channel capacity in digital networks, to minimize transmission latency in message delivery and to enhance processing reliability in addressing modes.

IPv6 packet-switched addressing encompasses three general categories for transport:

• Unicast – protocol fields act as an identifier for a single interface (within the ambit of the unicast address type). An IPv6 packet sent to a Unicast address is delivered to the interface identified by that address.
• Multicast – protocol fields act as an identifier for a set of interfaces that can belong to different nodes. An IPv6 packet delivered to a Multicast address is delivered to the interfaces specified by the ambit indicators.
• Anycast – protocol fields act as identifiers for a set of interfaces that can belong to the different nodes. An IPv6 packet destined for an Anycast address is delivered to one of the interfaces identified by the protocol fields defined administratively.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part III” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”

As presented in the article A Few Fundamentals of Networking Electronically Encoded Data, data must be organized for transmission. Thus, the creation of usable telecommunication packets requires appending a unique header to the message destined to traverse the internetwork. Technically, in order to send messages utilizing IP addressing, a program must prepare IP datagrams through the encapsulation of received datum.

As a potential delivery option, packet switching is an electronically-based communications method for grouping all transmittable data into suitably-sized packets, without exceeding the Maximum Transmission Unit (MTU) allocation. To achieve this goal, packets are routed individually, sometimes resulting in different paths and out-of-order delivery; thus requiring accurate message reassembly.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part II” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”

Internet Protocol (IP) addressing can provide a connectionless service for end systems to communicate across one or more networks. Within this context, during the original development of this communication addressing scheme, the designers assumed that computer networks would be unreliable.

The current Internet Engineering Task Force (IETF) sponsored IP specification, IP version six ( IPv6), is an Internet Layer protocol — as defined by the four layer Transmission Control Protocol/Internet Protocol (TCP/IP) model — for packet-switched internetworking that provides end-to-end datagram transmission across multiple IP networks, and mandates IP Security (IPSec) protocol suite support as a foundational interoperability requirement.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

IBM. Armonk, New York: International Business Machines. http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm (accessed: February 5, 2012).

IPv6 Addressing. Na: IP6.com. http://ipv6.com/articles/general/IPv6-Addressing.htm (accessed: January 26, 2011).

Unicast IPv6 addresses. Redmond, WA: Microsoft. http://technet.microsoft.com/en-us/library/cc759208(WS.10).aspx (accessed: February 5, 2012).

Wikipedia. San Francisco, CA: Wikimedia Foundation. http://en.wikipedia.org/wiki/Packet_switching (accessed: February 5, 2012).

Post Note: “A Few Fundamental Features of IPv6 Internetworking – Part I” was originally published through Suite101.com under the title “A Few Fundamental Features of IPv6 Internetworking”

Usually, IT network environments orchestrate direction and control through an operating system installed to coordinate processes; including application software. In other words, an operating system performs most generally accepted management functions for IT processes.

Without an operating system certain functions, such as multiprogramming, simply would not be an available processing option, and many functions like I/O completion testing would have to be performed directly by a programmer. Therefore, operating systems are the primary catalyst sustaining efficient and effective information integrity. If this viewpoint is adopted throughout the entity, IT owners should ensure adequate protection mechanisms are installed with employed operating systems.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).

Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239

Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50

“View Part I of the Essential Operating System Protection Mechanisms series here”

Post Note: “Essential Operating System Protection Mechanisms – Part VI” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”

Technically, the user program subroutine integration process is known as linkage editing. Linkage editing poses two risks: the unauthorized use of subroutines and the unauthorized suppression of subroutines that should accept utilization. In the first case, an application program might utilize a job control (script) statement requesting the services of an unauthorized subroutine that performs an illegal task. In the second case, the program might use a script statement that suppresses the services of a required subroutine. Consequently, policies and procedures should be implemented to ensure:

• error messages are displayed or other action taken when reference is made to unauthorized subroutines, or when external references are unsolved
• the operating system maintains a log of program usage
• the linkage editor of the operating system maintains a processing history of each program, including control statements utilized

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).

Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239

Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50

“View Part I of the Essential Operating System Protection Mechanisms series here”

Post Note: “Essential Operating System Protection Mechanisms – Part V” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”

Processor protection deters infinite program loops that could affect availability. Inserting a timer prevents programs from being stuck in infinite loops, and never returning control to the operating system. The operating system timer can be fixed or variable. However, the system parameter for the timer should be set at a generally accepted practice range with instructions to interrupt the operating system timer considered a privileged authorization for incident prevention.

Reducing the risk of IT program manipulation

Lastly, user program protection dictates user access to shared user resources. Rather than include all necessary instructions in an application program, many programs simply reference other programs, or subroutines, that may be available in the program library. When a program makes a reference to subroutine, it is the operating system that calls the subroutine in from the library and makes it available to the requesting program.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).

Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239

Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50

“View Part I of the Essential Operating System Protection Mechanisms series here”

Post Note: “Essential Operating System Protection Mechanisms – Part IV” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”

Intel Central Processing Unit (CPU)

A potential consequence for a breach in memory protection is a halt in all current processing. Therefore, the operating system should monitor the partitions to ensure that no program coding or data are moved into the wrong partition to prevent information corruption and unauthorized manipulation. Furthermore, operating systems should check to ensure data read into devices from other media are of the correct length. The operating system’s data length check prevents errors, such as blocks of records being too long for the memory buffer storage area.

Controlling privileged instructions

I/O allocation and control dynamically matches and assigns channels and devices with the processes’ particular requirements, monitors the status, and controls operations. Where online features are part of the IT configuration, communication with a terminal control unit (TCU) or front-end processor (FEP) are typically included in operating system duties. I/O protection prevents users from accessing privileged instructions.

Sources:

Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.

Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).

Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2

Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4

Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239

Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50

“View Part I of the Essential Operating System Protection Mechanisms series here”

Post Note: “Essential Operating System Protection Mechanisms – Part III” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”