Default security functions on an IPv6 CPE

Guillaume.Leclanche at swisscom.com
Fri May 6 16:24:33 CEST 2011


> -----Original Message-----
> From: Mikael Abrahamsson [mailto:swmike at swm.pp.se]
> Sent: Thursday, May 05, 2011 9:05 PM
> To: Leclanche Guillaume, SCS-NIT-DEV-NTW-CYC-CTB
>
> > ** A SP deliver the CPEs with a stateful IPv6 firewall providing the
> > same security features as an IPv4 NAPT, should it be turned ON or OFF
> > by default?
>
> My suggestion is to deliver it with firewall on to disallow incoming
> connections to low (<1024) TCP/UDP ports, allow high ones. Most of the
> services people leave on by accident live on the old privileged unix
> ports under 1024.

Thank you all for your answers. The debate reflects almost exactly the arguments we have internally :)

I like this suggestion from Mike; I believe it sounds like a reasonable compromise.

What do you all think about the proposal? (Keep in mind we're talking here only about the default configuration!)

Guillaume
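
Added example, not part of the original message or of any CPE vendor's code: a small Python model of the default policy suggested in the quoted text (stateful filter, unsolicited inbound allowed only to TCP/UDP ports 1024 and above). The class and field names are hypothetical, the addresses are constructed documentation prefixes, and flow timeouts and ICMPv6 handling are left out as a simplifying assumption.

```python
from dataclasses import dataclass

LOW_PORT_LIMIT = 1024  # from the quoted suggestion: ports below 1024 count as "low"

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN
    proto: str       # "tcp" or "udp"
    lan_addr: str
    lan_port: int
    wan_addr: str
    wan_port: int

class CpeFirewall:
    """Stateful filter: replies to known flows pass; unsolicited inbound
    traffic is judged on the destination (LAN-side) port."""

    def __init__(self):
        self.flows = set()  # flows the firewall has already accepted

    def decide(self, pkt):
        key = (pkt.proto, pkt.lan_addr, pkt.lan_port, pkt.wan_addr, pkt.wan_port)
        if pkt.direction == "out":
            self.flows.add(key)   # remember the flow so its replies match
            return "accept"
        if key in self.flows:
            return "accept"       # reply to an existing flow, any port
        if pkt.proto in ("tcp", "udp") and pkt.lan_port >= LOW_PORT_LIMIT:
            self.flows.add(key)   # new inbound flow to a high port
            return "accept"
        return "drop"             # unsolicited inbound to a low port

def run_sample():
    fw = CpeFirewall()
    host, peer = "2001:db8:1::10", "2001:db8:ffff::1"  # constructed addresses
    sample = [
        Packet("in", "tcp", host, 22, peer, 50000),     # unsolicited, low port
        Packet("in", "tcp", host, 51413, peer, 50001),  # unsolicited, high port
        Packet("out", "udp", host, 123, peer, 123),     # LAN query from a low source port
        Packet("in", "udp", host, 123, peer, 123),      # its reply: passes only via state
        Packet("in", "udp", host, 123, "2001:db8:ffff::2", 123),  # other sender, no state
    ]
    return [fw.decide(p) for p in sample]

if __name__ == "__main__":
    print(run_sample())
```

The fourth and fifth packets show why the port rule has to sit behind connection tracking: both target port 123 on the LAN host, but only the one matching an outbound flow is let through.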

