Default security functions on an IPv6 CPE
Cameron Byrne
cb.list6 at gmail.com
Fri May 6 17:30:09 CEST 2011
On May 6, 2011 8:04 AM, "Steven J. Vaughan-Nichols" <sjvn at vna1.com> wrote:
>
> On Fri, 2011-05-06 at 07:57 +0200, Tore Anderson wrote:
> > 1) Today, portable computing devices like laptops and smartphones are
> > extremely common - far more common than stationary PCs. People drag
> > these around and connect them willy-nilly to all sorts of untrusted
> > networks found in airports, on airplanes, in hotels, at conferences,
> > at
> > cafés, or simply whatever unsecured wireless network in range that can
> > be leeched from. The sky isn't falling.
>
> Hasn't it? Just because we've gotten used to have private information
> stolen--e.g. the Epsilon and Sony security failures--doesn't mean that
> these incidents haven't been serious. So far, no one's lost a lot of
> money in any of these fiascoes, but it's only a matter of time.
>
> Come the day it does happen and people finally start screaming about the
> current lousy state of network and server security, the last thing we
> want is for people to associate such a disaster with IPv6 networking.
>
I will bet you $1 usd that those hacked companies had network based stateful
firewalls in the path threw which they were attacked ...
Here is a hint. Sony hackers got PCI protected data.
While stateful fw may be part of a comprehensive security policy, their
value has decreased over the years as the attack vectors shifted.
IMHO, one of the easiest place to attack a network is overloading session on
a network firewall. In most architectures, the fw is a single point of
failure.
Cb
PS. Please avoid creating fud for ipv6 by coupling it with legacy ipv4
failings
> Steven
> --
> Steven J. Vaughan-Nichols
> Editor-in-Chief, Practical Technology: http://www.practical-tech.com
> QOTD: "It is never too late to be what you might have been."--George
> Eliot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110506/b9489b60/attachment.htm>
More information about the ipv6-ops
mailing list