[134620] in North American Network Operators' Group
Re: IPv6 - real vs theoretical problems
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Fri Jan 7 21:00:33 2011
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: Nanog Operators' Group <nanog@nanog.org>
Date: Sat, 8 Jan 2011 02:00:10 +0000
In-Reply-To: <AANLkTimZJQz_gawxipsvksxAP7F+1sSs8AqTJ_ts_Ffk@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 8, 2011, at 8:54 AM, William Herrin wrote:
> I presume you don't intend us to conclude that a bastion host firewall provides no security benefit to the equipment it
> protects.
If it's protecting workstations, yes, it has some positive security value - but not due to NAT.
If it's inappropriately placed in front of servers, where there's no state to inspect and where the stateful nature of the device in and of itself forms a DoS vector, it has negative security value; i.e., it makes things far worse.
------------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.
-- Alan Kay