Re: [Full-disclosure] IPv6 security myths

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

>>>>> "Fred" == Fred Baker <fred@xxxxxxxxx> writes:
    Fred> I'm not a security guru, and will step aside instantly if
    Fred> someone with those credentials says I'm wrong. However, from
    Fred> my perspective, the assertion that IPv6 had any security
    Fred> properties that differed from IPv4 *at*all* has never made any
    Fred> sense. It is essentially a marketing claim, and - well, we all
    Fred> have marketing departments.

I think I am a security guru, and I agree with you 95%.

The major *security* advantage of IPv6 is that it removes 90% of
complexity of IPv4 networks that results from layers of NAT, and then
series of port-forwards through them.

Do you realize that a 30 year old IT "professional" likely has never
been on the Internet?   Seriously.  They got a home "router" for their
DSL connection in 1997 when they were 17... they have spent their entire
"adult" life behind some kind of IPv4 NAT. 

I once spent some time with a few such young people, and I came to
understand that they were profoundly confused about what home "routers"
do--- they assumed that all *routers* everywhere on the Internet do NAT.
After all, *CISCO* routers run the world, and CISCO owns Linksys...

Therefore a 3% security advantage of IPv6 is that it requires that
know-it-all young people and you-can't-teach-me-anything grey beards
have to learn new things and therefore have a better chance that they
will get correct information.

The other 2% is that when you get what appears to be attack from
2607:f0b0:f:3::178 via some internal network (on the wrong side of your
firewall), you have a way better chance of tracing it than if the attack
comes from 10.10.10.178.  That contractor PC with outgoing PPTP tunnel
didn't mean to advertise your 10.10.10.0/24 network to my 10.10.10.0/24
network via OSPF, it just "happened".

The above will, I think, be a daily occurance in the world of SmartGrid
for the first 10 years.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@xxxxxxxxxxxxxxxxxxxxxx http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 












_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]