teredo.ipv6.microsoft.com off?
Ron Broersma
ron at spawar.navy.mil
Wed Jul 17 16:59:06 CEST 2013
>> There's quite some debate which approach to use due to operational
>> practices and MS telling people "not to 'fully' disable IPv6 as you
>> might lose support for $SYSTEM".
>
> I'm still looking for a source too. Rumors have it that the Windows 7
> roll out here (large enterprise customer) will be with IPv6 disabled. I
> guess that why they hired me to do the IPv6 planing (on the network
> side).
Most of the talks that I've seen from Sean Siler (IPv6 guy at Microsoft) have a slide on "best practices", where his point #1 is "Leave Windows in the default configuration (IPv6 enabled)", and he describes how disabling IPv6 comes with risk because you will be operating the OS in an "untested configuration". We translate that into a security issue, and therefore make is a security violation to disable IPv6 in Windows7 and later. I know that is somewhat inconsistent with the DoD STIG, but IMHO the STIG is wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6127 bytes
Desc: not available
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20130717/63f51369/attachment-0001.bin
More information about the ipv6-ops
mailing list