IPv6 Firewall on CPEs - Default on or off
Benedikt Stockebrand
me at benedikt-stockebrand.de
Tue Nov 27 17:43:53 CET 2012
Hello again,
"Anfinsen, Ragnar" <Ragnar.Anfinsen at altibox.no> writes:
> So, if a refrigerator is hacked, who is responsible? The customer for not
> turning on the optional firewall? The ISP for not turning the firewall on
> by default? The appliance manufacturer for not building security in the
> fridge?
that really depends on how easy it was to hack and how likely the
customer was aware that he's doing that he probably shouldn't do.
As far as the ISP is concerned, I'd reason like this: With today's
situation, where customers expect their routers to behave in a "diode
style" (as a side effect of NAT with IPv4), I'd consider it the ISPs
duty to make people understand the risks. Using a default setting
with a "diode configuration" (I don't really like to use the term
"firewall" here) and an option that allows users to change that
behaviour sounds like the safest option to me---for both the customer
and the ISP.
Cheers,
Benedikt
--
Business Grade IPv6
Consulting, Training, Projects
Benedikt Stockebrand, Dipl.-Inform. http://www.benedikt-stockebrand.de/
More information about the ipv6-ops
mailing list