Re: Disabling ipv6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

You keep talking about IPv6 security risks (over IPv4), but haven't
cited any.

While I don't know of security risks of IPv6, itself, there is this:
If you follow IPv6 on the net you should have found lots of articles about this, and how it affects specially home users and SMBs. Here are some introductory links: 

http://thepcsecurity.com/ipv6-security-issues-concerns-transition/
http://searchsecurity.techtarget.com/tip/Analysis-Vast-IPv6-address-space-actually-enables-IPv6-attacks
http://searchsecurity.techtarget.com/tip/IPv6-myths-Debunking-misconceptions-regarding-IPv6-security-features
Most vendors and ISPs won't talk about his -- IPv6 is a selling point -- but here's buried inside an AT&T white paper: 

http://www.webtorials.com/main/resource/papers/att/paper28/IPv6_impact_network.pdf

"According to the National Institute of Standards and Technology (NIST):
Prevention of unauthorized access to IPv6 networks will likely be
more difficult in the early years of IPv6 deployments. IPv6 adds more
components to be filtered than IPv4, such as extension headers,
multicast addressing, and increased use of ICMP. These extended
capabilities of IPv6, as well as the possibility of an IPv6 host
having a number of global IPv6 addresses, potentially provides an
environment that will make network-level access easier for attackers
due to improper deployment of IPv6 access controls. Moreover,
security related tools and accepted best practices have been slow
to accommodate IPv6. Either these items do not exist or have not
been stress tested in an IPv6 environment"

For more techinical content, you can visit

http://www.gont.com.ar/
which is Fernando Gont home page (author of some IETF RFCs), and see theslides at 

http://www.si6networks.com/presentations/ipv6kongress/mhfg-ipv6-kongress-ipv6-security-assessment.pdf



How is your firewall set up?
That's not the question. I am an experienced sysadmin and networking expert, I know where to search for information and what to look for. But today most computer users, not just Fedora users, do not have this expertise and won't spend enough time researching. They expect to get minimally secure default from vendors and open source projects. something most DO NOT provide currenty, regarding IPv6. :-(
The fact is: today, even most experienced network admins do not know enough about IPv6 security. Most ones I talked to still believe "IPv6 is more secure by design" which it isn't. 


[]s, Fernando Lozano

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux