[170138] in North American Network Operators' Group
Re: misunderstanding scale
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Mon Mar 24 14:20:06 2014
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CAP-guGWXysLH+c2nnJmd+JY6=wyDoVdt9Vgs9m_HE75JMKNGQg@mail.gmail.com>
Date: Mon, 24 Mar 2014 14:19:41 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 24, 2014, at 13:17 , William Herrin <bill@herrin.us> wrote:
> On Mon, Mar 24, 2014 at 1:05 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
>> On Mar 24, 2014, at 12:21, William Herrin <bill@herrin.us> wrote:
>>> Some folks WANT to segregate their networks from the Internet via a
>>> general-protocol transparent proxy. They've had this capability with
>>> IPv4 for 20 years. IPv6 poorly addresses their requirement.
>>
>> NAT is not required for the above. Any firewall can stop incoming packets unless they are part of an established session. NAT doesn't add much of anything, especially given that you can have one-to-one NAT.
>
> Hi Patrick,
>
> What sort of traction are you getting from that argument with
> enterprise security folks who object to deploying IPv6 because of NAT?
The _good_ security people complain about deploying NAT in v4 or v6, because they don't think it is "security".
What sort of traction do you get with security people when you tell them NAT == "security in depth"?
If you mean "do people who get hired by $CORPORATION and do not know anything about security get upset when you tell them something they did not know?" The answer is "frequently, yes". I'm not sure what that has to do with the discussion at hand, though.
--
TTFN,
patrick