[170033] in North American Network Operators' Group
Re: misunderstanding scale (was: Ipv4 end, its fake.)
daemon@ATHENA.MIT.EDU (Mark Tinka)
Sun Mar 23 15:34:47 2014
From: Mark Tinka <mark.tinka@seacom.mu>
To: Cb B <cb.list6@gmail.com>
Date: Sun, 23 Mar 2014 21:34:10 +0200
In-Reply-To: <CAD6AjGT5Wj0LvQj9Jxn=-MPqT9eQ2trGjnhj_39pNZ4299a1Xw@mail.gmail.com>
Cc: John Levine <johnl@iecc.com>, "nanog@nanog.org" <nanog@nanog.org>
Reply-To: mark.tinka@seacom.mu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sunday, March 23, 2014 09:24:35 PM Cb B wrote:
> My hope is that folks stop equating firewalls with
> security, when the first step is to secure the host,
> accountability is with the host, then layer other tools
> as needed.
I couldn't agree more.
As an example, your home PC (whose OS wasn't updated in
months because the wife and kids can't be asked) is hit via
HTTP in a way your CPE firewall couldn't prevent. It is then
used to re-attack other appliances in your home that have
poor software with no security features.
CPE firewalls won't do anything about that.
I support vendors of all kinds (TVs, microwaves, STBs,
home theatre systems, video game consoles, etc.) to
include some kind of localized security features that
augment what a CPE firewall can offer. This will be even
more critical, I think, to getting homes and offices to
accept the use of GUAs on the LAN, if we have any hopes of
finally getting rid of NAT with IPv6, at the scale we have
it in IPv4.
Mark.