[170034] in North American Network Operators' Group
Re: misunderstanding scale
daemon@ATHENA.MIT.EDU (Denis Fondras)
Sun Mar 23 15:37:30 2014
Date: Sun, 23 Mar 2014 20:35:31 +0100
From: Denis Fondras <xxnog@ledeuns.net>
To: nanog@nanog.org
In-Reply-To: <201403232113.15291.mark.tinka@seacom.mu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi all,
Le 23/03/2014 20:13, Mark Tinka a écrit :
> On Sunday, March 23, 2014 09:05:54 PM Cb B wrote:
>
>> i would say the more appropriate place for this policy is
>> the printer, not a firewall. For example, maybe a
>> printer should only be ULA or LLA by default.
>>
>
> I would support adding security at the host-level,
> especially because with a centralized firewall, internal
> infrastructure is usually left wide open to internal staff,
> with trust being the rope we all hang on to to keep things
> running.
>
When speaking of IPv6 deployment, I routinely hear about host security.
I feel like it should be stated that this is *in no way* an IPv6 issue.
May the device be ULA, LLA, GUA or RFC1918-addressed, the device is at
risk anyway.
If this is the only argument for delaying IPv6 deployment, this sounds
more like FUD to me ;-)
Denis
