Default security functions on an IPv6 CPE
Cameron Byrne
cb.list6 at gmail.com
Thu May 5 17:11:05 CEST 2011
On May 5, 2011 7:21 AM, <Guillaume.Leclanche at swisscom.com> wrote:
>
> Hello,
>
> As a service provider, we deliver CPEs to our broadband customers as part
of the service. We're currently enabling v6 on our network, and before going
into production we have an open question regarding security that we're not
able to answer internally, so let's check the community :
>
> ** A SP deliver the CPEs with a stateful IPv6 firewall providing the same
security features as an IPv4 NAPT, should it be turned ON or OFF by default
?
>
> (and of course it's user configurable afterwards, that's not the question)
>
Off with obvious ways to turn it on.
Otherwise, you did not restore end to end connectivity and have to deal with
ALGs and all that bad stuff.
Since the ipv6 subnets are so large, discovery is difficult. And end host
security is much better now than before, when we really did need network
devices protecting the host.
Cb
> Guillaume
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110505/db54e6b9/attachment.html
More information about the ipv6-ops
mailing list