SV: CPE Residential IPv6 Security Poll

erik.taraldsen at telenor.com erik.taraldsen at telenor.com
Tue Sep 20 09:00:35 CEST 2016 

I'm dealing with the CPE's for Telenor here in Norway.  And indeed a part of the Norwegain discussion.

Today we block incoming traffic to protect the customers.  We seek to have the same security policy as for IPv4.  Meaning statefull firewall which the customer can configure if they want to.  The reason is partly internal policy (Telenor seeks to be seen as the secure internet provider in Norway, disabling firewalls and allowing all of the internets deviants access to the NAS with pictures of your children seems like a bad marketing move).  We also hoped that UPnP/PCP would be activly used in IPv6, punching firewall holes as needed.  But that seems to not get any traction.

As for customer complaints, none.  But that does not mean that the customers are not suffering.  It may just as well be that the application reverts to UPnP/STUN over IPv4 or fails without the customer beeing able to diagnose why.



-Erik


________________________________________
Fra: ipv6-ops-bounces+erik.taraldsen=telenor.com at lists.cluenet.de <ipv6-ops-bounces+erik.taraldsen=telenor.com at lists.cluenet.de> på vegne av Anfinsen, Ragnar <Ragnar.Anfinsen at altibox.no>
Sendt: 19. september 2016 14:32
Til: IPv6 Ops list
Emne: CPE Residential IPv6 Security Poll

Hi all.

In light of a new discussion blossoming in Norway, we are curious about the IPv6 security policy different ISP’s has adopted. So it would be very helpful if you could do a quick response, either here or directly to me, on the following question:

Which security policy are you using for you residential IPv6 enabled CPE’s? (RFC6092, fully open, balanced or other)

Why did you adopt this policy?

Any good or not so good experience with the choice?

All answers are very much appreciated, and I will post the results here after a week or so. Thank you very much.

Best Regards
Ragnar Anfinsen

Chief Architect CPE
IP Address Architect
Infrastructure
Technology
Altibox AS

E-mail: ragnar.anfinsen at altibox.no
www.altibox.no<http://www.altibox.no/>

[cid:image001.png at 01D21282.A1DD77A0]
  [cid:image002.png at 01D21282.A1DD77A0] <http://facebook.altibox.no/> [cid:image003.png at 01D21282.A1DD77A0] <http://twitter.altibox.no/>
CONFIDENTIAL
The content of this e-mail is intended solely for the use of the individual or entity to whom it is addressed. If you have received this communication in error, be aware that forwarding it, copying it, or in any way disclosing its content to any other person, is strictly prohibited. If you have received this communication in error, please notify the author by replying to this e-mail immediately, deleting this message and destruct all received documents.

More information about the ipv6-ops mailing list