Re: Disabling ipv6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,


Tim:

If manufacturers and software programmers don't pull their fingers
out, we'll be faced with even more ISPs subjecting their clients to
NAT.

Fernando Lozano:

Would this be so bad? Most people at work have been working using NAT
for years. NAT increases security. Most internet users don't need to
run servers.

Yes it would.  NAT doesn't really increase security.  It gives the
illusion of doing so, because it usually breaks networking, but not
always (just one reason why you shouldn't pretend it's a firewall).
IMHO globaly-addressable client devices increase security risks. NAT make some things more complicated, but I'd rather improve NAT technologies and application protocols to work with then. Many experts argue in favor of NAT even for IPv6 networks, see for example: 

http://searchenterprisewan.techtarget.com/tip/Why-IPv6-wont-rid-the-Internet-of-Network-Address-Translation


Users do things that act like servers, and require connections to get
through to them.
IMHO they shouldn't. End users will never know enough to implement proper network security. Cloud services would provide better alternatives to most "server-like" things users would want to do, with cheap and free options. 


Just a few things that become nightmarish with NAT:

   Using some FTP servers.
It's a protocol broken by design, with connection call-back connections. I'd eliminate FTP altogether. 



   Sending files through instant messenger clients.
Put Dropbox, Google Drive or the like suppport in IM clients. Push for a standard REST API for this kind of services, so IM developers don't have to write code for a myriad different services. 



   Voice over IP.
Improve VoIP protocols. Most VoIP users will anyway depend on centralized servers for realiability (like Skype supernodes), presence, authentication, or interoperability with POTS and cell services. 



   Using any type of peer-to-peer software.
IMHO peer-to-peer in general is a boken concept. It's nice for experimentation, good for politics (you won't depend on a big corporation) but increases network security risk. There are technical alternatives to peer-to-peer designs that IMHO lend to better security and QoS. On the political side, standards and ONGs should prevent dominance by big corporations.
Cloud VPN services would allow end-users to get connections to their home machines if they want, at the same without exposing them to scans and attacks from the whole Internet. I'd focus on improving those offering. 


[]s, Fernando Lozano

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux