nanog mailing list archives
Re: Requirements for IPv6 Firewalls
From: George Herbert <george.herbert () gmail com>
Date: Mon, 21 Apr 2014 11:58:12 -0700
On Mon, Apr 21, 2014 at 9:32 AM, Lee Howard <Lee () asgard org> wrote:
You're describing best practice. Yes, of course, you should have well documented technical and business needs for what's open and what's closed in firewalls, and should have traceability from the rules in place to the requirements, and be able to walk the rules and understand them and reinterpret them from v4 to v6, to a new firewall vendor, etc etc. Yes. Any publicly-traded company will have this because their auditors require it. I would think that companies without this documentation are probably not ready to deploy a new protocol. I concede that tracing the rules to the requirements is a hard one in practice (and a PITA in operational practice), but I don't think it's required to be able to map IPv4 rules to IPv6 rules.
You would think that any publicly-traded or sufficiently large or high profile company would have that because their auditors should require that. Yes, that's a reasonable assertion and hope. I regret to inform the discussion that it's a forlorn hope in a number of actual real world organizations.
I'm not making noise to be remembered on the lists as a pissed off troublemaker. I've been doing enterprise IT consulting since the early 1990s, and am relaying what the state of reality is, and attempting to get people at various levels to deal with that rather than assume higher levels of competence than are really out there...
--
-george william herbert
george.herbert () gmail com