A challenge (was Re: Default security functions on an IPv6 CPE)

Frank Bulk frnkblk at iname.com
Thu May 19 06:27:54 CEST 2011

The typical customer cares only about security when their computer becomes
unusable because it's so infected with malware.  99.9% of SP customers won't
care or remember if I tell them that host-based security is their
responsibility when they use IPv6.  If anything, that's a deterrent to
consumer adoption of IPv6.  Subscriber talks to friend, "My ISP tells me
that I have to buy a new router to use this thing they call eye-pea-vee-6,
but that I will have to take extra steps to secure my PC.  Seems like too
much cost and work for me."

As much as IPv6 gives us a less scannable address space and typically runs
on Microsoft computers with a firewall, I'd rather keep my customers on the
side of caution.  If they want to turn off their router's IPv6 firewall now
or in the future, they're free to do so, but it was an active choice on
their part making it their responsibility.  


-----Original Message-----
From: ipv6-ops-bounces+frnkblk=iname.com at lists.cluenet.de
[mailto:ipv6-ops-bounces+frnkblk=iname.com at lists.cluenet.de] On Behalf Of
Mark Smith
Sent: Wednesday, May 18, 2011 4:50 PM
To: Jon Bane
Cc: ipv6-ops at lists.cluenet.de
Subject: Re: A challenge (was Re: Default security functions on an IPv6 CPE)


That's debatable. The lack of recognition of the recognition of IPv6
security can mean that people have been lax about it, making it a more
interesting target.

Even then, how is a IPv6 CPE firewall going to protect users when it is
at home and they've got their laptop at the local cafe - both now and
in 5 years time? If you tell your SP customers that you've enabled IPv6
firewalling for them, isn't there a risk that they won't exactly
understand what you're saying, and believe that they're protected where
every they access the IPv6 Internet? While typical SP customers won't
understand security measures, what they do, and where they apply, they
are far more likely to understand if you tell them you're not providing
them with any and that it is completely their responsibility.


> -Jon

More information about the ipv6-ops mailing list