[170055] in North American Network Operators' Group
Re: misunderstanding scale
daemon@ATHENA.MIT.EDU (Mike Hale)
Sun Mar 23 20:54:56 2014
In-Reply-To: <CAFy81r=Q_kin3CTGG9ZyJz_TQheiK39gfCGgz-AG+9YeuyVzOg@mail.gmail.com>
Date: Sun, 23 Mar 2014 17:54:32 -0700
From: Mike Hale <eyeronic.design@gmail.com>
To: Timothy Morizot <tmorizot@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
"unless by few you simply mean a minority"
Which I do.
"appropriately mitigating the security risks shows the claim that
there are security weaknesses in IPv6 preventing its adoption is
false."
No. It doesn't. It's not the sole reason, but it's a huge factor to consi=
der.
"But there's nothing inherent to IPv6 stopping them."
There is because it doubles your attack surface at the very least. At
the worst, it increases it exponentially since suddenly all your
internal devices (that were never configured to be public-facing) are
suddenly accessible from everywhere.
None of this isn't preventable, by the way. There are a myriad of
solutions that can and do mitigate these risks. But to simply dismiss
the security considerations is, I think, incredibly na=EFve and
unrealistic.
On Sun, Mar 23, 2014 at 5:41 PM, Timothy Morizot <tmorizot@gmail.com> wrote=
:
>
> On Mar 23, 2014 7:24 PM, "Mike Hale" <eyeronic.design@gmail.com> wrote:
>> It's derisive because you completely dismiss a huge security issue
>> that, given the state of IPv6 adoption, a great majority of companies
>> are facing.
>
> The original assertion was that there are unaddressed security weaknesses=
in
> IPv6 itself preventing its adoption. At least that's the way I read it. A=
nd
> that assertion is mostly FUD.
>
>> Calling it FUD is completely wrong because it *is* a legitimate
>> security issue for most businesses. Sure, you've got the few who have
>> been able to properly plan for and secure their networks against the
>> increased attack surface of IPv6, but again...most companies haven't.
>
> Well, it's hardly a few at this point, unless by few you simply mean a
> minority. But it's a numerous and growing minority. Moreover, the
> acknowledgement that enterprises have been able to properly plan and depl=
oy
> IPv6 while appropriately mitigating the security risks shows the claim th=
at
> there are security weaknesses in IPv6 preventing its adoption is false.
>
> Now admittedly if an enterprise hasn't done any security planning or
> assessments then they aren't ready to deploy IPv6. But there's nothing
> inherent to IPv6 stopping them.
>
> Scott
--=20
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
