[170116] in North American Network Operators' Group
Re: IPv6 Security [Was: Re: misunderstanding scale]
daemon@ATHENA.MIT.EDU (Mark Tinka)
Mon Mar 24 12:35:48 2014
From: Mark Tinka <mark.tinka@seacom.mu>
To: Timothy Morizot <tmorizot@gmail.com>
Date: Mon, 24 Mar 2014 18:30:20 +0200
In-Reply-To: <CAFy81rmOp9vTn4fzBvyBW-mc2SQNwnyu6_0BDfDgS7z7XVwT1g@mail.gmail.com>
Cc: NANOG list <nanog@nanog.org>
Reply-To: mark.tinka@seacom.mu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--nextPart2326849.TcJlz5NLkO
Content-Type: Text/Plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
On Monday, March 24, 2014 02:42:07 PM Timothy Morizot wrote:
> While I don't really disagree with that statement, I'm
> not entirely sure what CPE firewalls and home devices
> have to do with enterprise deployments, the topic I was
> discussing. We've been actively working this for the
> past three years now and have yet to encounter an IPv6
> specific enterprise risk for which no appropriate
> mitigation exists. That's why I called out the assertion
> that security weaknesses in IPv6 were *preventing*
> enterprise deployments as FUD. And until someone
> specifically names some major unmitigated IPv6-only
> security weakness blocking enterprise deployment instead
> of vague hand-waving or lists of security risks (as
> opposed to weaknesses) with well-defined mitigations,
> I'll stand by that statement.
Agree - the security issues for deploying IPv6 in the=20
enterprise are not that dissimilar from the concerns in the=20
home in as far as assigning GUA's to enterprise printers,=20
staff laptops, surveillance cameras, e.t.c., is concerned.
This is not necessarily an issue of IPv6. It's more of an=20
issue having a direct connetion to the Internet without NAT=20
(a.k.a security by obscurity, false sense of security,=20
e.t.c.), and what that means for the host's security.
Mark.
--nextPart2326849.TcJlz5NLkO
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
iQIcBAABAgAGBQJTMF2fAAoJEGcZuYTeKm+G1LQP/2asjYSa5xQKtgfq3pgYb5mj
1XRwS4W5IqGj6gubZq5Qk9lw8lreKFaXBtSo6uBj2lXBa5LnghKNTl+HeOBaU2aB
ez/x7TghojrBW17nAZy1xPVIe2gus0rGhd9lWw2XVGfA2ijn/ZlvZ740Lw8pEb2e
vkxMoGKX1wFDQTkX01tLD8QwijfbaN6Hz9mNi9pQgkkjAEPBNm08cRaE2tbSH3dl
p67XFQYEmNZ9x+3pJv2UjoJpR0a+oX8DIox0GnRZ7fj5V0IjdMiE2VfWtgbKcuMc
FrFGVDKfP+av2dK22yrEl78j2eNl9X6OR2KPAVjgqSzGEHeGZzA3oply0EaWQrWP
D8b7S6Eeu/wlzegK/bhsU4iQ+EGyAFMfgSkcgcawzB7XDkk6e5oCrby4Etz0ddWJ
XA0G+qZ+C3VUszlnLublBnj/L+9tiSpFHnQ+PRrIq27Wx85433ahu/tHn8eIaBfl
ZZsLt17foLUY+6foFlsoetoh9O3+WYz4SQLHDxYjGXXtTn3p32JHBrCzFPsNNAan
vpLL4iei9eBy0PHRG8kVHFj+zi4kP09UCh2LgmFA1zdk+5H5RlPA0tKBkHQF8TT2
Pcq9o0bIS1Sx4bJ6XlTiuDBA/tLVQxd9WwqEpEYypCCfZbbi4BEKdPDmkd6a5CaV
R5pW1JIQw8SQ4B4DxMUx
=QLkA
-----END PGP SIGNATURE-----
--nextPart2326849.TcJlz5NLkO--
