ietf

Re: [Full-disclosure] IPv6 security myths

2010-10-26 17:05:32

"Fred" == Fred Baker <fred(_at_)cisco(_dot_)com> writes:
    Fred> I'm not a security guru, and will step aside instantly if
    Fred> someone with those credentials says I'm wrong. However, from
    Fred> my perspective, the assertion that IPv6 had any security
    Fred> properties that differed from IPv4 *at*all* has never made any
    Fred> sense. It is essentially a marketing claim, and - well, we all
    Fred> have marketing departments.

I think I am a security guru, and I agree with you 95%.

The major *security* advantage of IPv6 is that it removes 90% of
complexity of IPv4 networks that results from layers of NAT, and then
series of port-forwards through them.

Do you realize that a 30 year old IT "professional" likely has never
been on the Internet?   Seriously.  They got a home "router" for their
DSL connection in 1997 when they were 17... they have spent their entire
"adult" life behind some kind of IPv4 NAT. 

I once spent some time with a few such young people, and I came to
understand that they were profoundly confused about what home "routers"
do--- they assumed that all *routers* everywhere on the Internet do NAT.
After all, *CISCO* routers run the world, and CISCO owns Linksys...

Therefore a 3% security advantage of IPv6 is that it requires that
know-it-all young people and you-can't-teach-me-anything grey beards
have to learn new things and therefore have a better chance that they
will get correct information.

The other 2% is that when you get what appears to be an attack from
2607:f0b0:f:3::178 via some internal network (on the wrong side of your
firewall), you have a way better chance of tracing it than if the attack
comes from 10.10.10.178.  That contractor PC with an outgoing PPTP tunnel
didn't mean to advertise your 10.10.10.0/24 network to my 10.10.10.0/24
network via OSPF, it just "happened".

The above will, I think, be a daily occurrence in the world of SmartGrid
for the first 10 years.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr(_at_)sandelman(_dot_)ottawa(_dot_)on(_dot_)ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
