Re: Disabling ipv6


 



Hi,
>> Would this be so bad? Most people at work have been working using
>> NAT for years. NAT increases security. Most internet users don't
>> need to run servers.
>
> NAT does NOT increase security.  NAT is a combination of a stateful
> firewall with a packet mangler; the security comes from the firewall,
> not the mangler.  Leave out the packet mangling; use a firewall and
> "real" IPs.

If NAT prevents anyone from the internet from trying to connect to my computer, this is increased security. After all, don't we configure firewalls exactly to prevent unwanted connections?

Of course NAT alone does not bring security. But as I understand TCP/IP networks, NAT does help security.

Not having NAT means having everyone, every device and computer with a real, public internet address. This means more potential targets for hackers.


> Lots of Internet users run servers and don't even know it; any peer to
> peer system is a server on one end.  Look at all the hoops software has
> to jump through to try to work through NAT (and especially multiple
> layers of NAT), sometimes failing and frustrating users.

NAT is a fact today, has been for years, and people have been using Bittorrent and Skype regardless.

For home users and SMBs, NAT is something that was taken care of. IPv6 is a whole new bunch of risks. I am not against IPv6 per se. I am against wide use of IPv6 right now. Let it mature.


> As IPv4 runs out, some ISPs are turning to "Carrier Grade NAT", which
> adds layers of NAT that break things like P2P applications and IPSec.

I'll happily trade IPSec for OpenVPN. ;-)


> In any case, IPv6 should be enabled by default because users may connect
> to IPv6 networks and need it to "just work", just like IPv4.  They
> aren't power users that know how to tweak hidden options, they just want
> to use the network.

To just use the network they need only IPv4. They don't need the security risks that current IPv6 implementation and default configurations add. Today, IPv6 is far from "just works". You are advocating using all end users as guinea pigs for IPv6 evolution. I advocate evolving IPv6 before exposing end users to it.


[]s, Fernando Lozano

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
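
The claim in the quoted reply above (NAT is a stateful firewall plus a packet mangler, and the protection comes from the firewall part), shown as an added nftables ruleset that is not part of the original message. The interface names `lan0` and `wan0` are assumptions for a router with one LAN and one upstream link.

```nftables
# Added example; interface names "lan0" and "wan0" are assumed.

# The stateful firewall: applies to IPv4 and IPv6 ("inet" family).
table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Packets that conntrack cannot match to any known flow.
        ct state invalid drop

        # Replies to connections opened from the LAN, plus related
        # ICMP/ICMPv6 errors. This rule, not address rewriting, is
        # what keeps unsolicited inbound connections out.
        ct state established,related accept

        # LAN hosts may open new connections outward.
        iifname "lan0" oifname "wan0" accept

        # Everything else, including new connections arriving on
        # wan0 for a publicly addressed IPv6 host, hits policy drop.
    }
}

# The packet mangler: IPv4 only, rewrites source addresses and
# makes no accept/drop decision of its own.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade
    }
}
```

Deleting the `ip nat` table leaves the inbound filtering behaviour unchanged; deleting the `forward` chain's drop policy removes it even with masquerading still in place.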



