Default security functions on an IPv6 CPE
Doug Barton
dougb at dougbarton.us
Thu May 5 20:46:12 CEST 2011
On 05/05/2011 07:43, Nick Hilliard wrote:
> On the other hand, if you enable the firewall, you will annoy a small
> percentage of power users. However, there's a strong argument to be
> made to say that they are generally the sort of people who could log on
> to the router and make configuration changes anyway.
+1
The whole "restore e2e" pipe dream needs to die. The naive user has been
conditioned by a lifetime of NAT that there should be no access from the
outside world allowed into his network without explicitly enabling it.
The fact that I happen to agree with that perspective aside, if the
firewall for IPv6 defaults to off that same naive user is going to view
IPv6 as "scary," "dangerous," "less secure," or all of the above. As
Nick said so elegantly above, anyone who cares can turn it off.
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the ipv6-ops
mailing list