nanog mailing list archives
Re: IPv6 Security [Was: Re: misunderstanding scale]
From: Timothy Morizot <tmorizot () gmail com>
Date: Mon, 24 Mar 2014 07:42:07 -0500
On Mon, Mar 24, 2014 at 1:51 AM, Mark Tinka <mark.tinka () seacom mu> wrote:
On Monday, March 24, 2014 01:37:52 AM Timothy Morizot wrote:Yes. As I said, same general sorts of risks for the most part as in IPv4. Details differ, but same general types. My point was that it's mostly FUD to wave the flag of scary new security weaknesses with no mitigations in IPv6. It's the same general sort of first hop and link security issues that exist in IPv4 with similar mitigations. Not identical, but not radically different or new either.While the mitigations may not exist yet (like proper firewalls in CPE to protect GUA'ed devices in the home), it still a good idea to bring the risks to light so folk can think about how to get them fixed.
While I don't really disagree with that statement, I'm not entirely sure what CPE firewalls and home devices have to do with enterprise deployments, the topic I was discussing. We've been actively working this for the past three years now and have yet to encounter an IPv6 specific enterprise risk for which no appropriate mitigation exists. That's why I called out the assertion that security weaknesses in IPv6 were *preventing* enterprise deployments as FUD. And until someone specifically names some major unmitigated IPv6-only security weakness blocking enterprise deployment instead of vague hand-waving or lists of security risks (as opposed to weaknesses) with well-defined mitigations, I'll stand by that statement. Scott
Current thread:
- Re: misunderstanding scale, (continued)
- Re: misunderstanding scale William Herrin (Mar 24)
- Re: misunderstanding scale Owen DeLong (Mar 24)
- Re: misunderstanding scale Doug Barton (Mar 22)
- Re: misunderstanding scale Nick Hilliard (Mar 23)
- Re: misunderstanding scale Paul Ferguson (Mar 23)
- Re: misunderstanding scale Timothy Morizot (Mar 23)
- IPv6 Security [Was: Re: misunderstanding scale] Paul Ferguson (Mar 23)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Timothy Morizot (Mar 23)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Dobbins, Roland (Mar 23)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Mark Tinka (Mar 23)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Timothy Morizot (Mar 24)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Mark Tinka (Mar 24)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Owen DeLong (Mar 24)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Paul Ferguson (Mar 24)
- RE: IPv6 Security [Was: Re: misunderstanding scale] Naslund, Steve (Mar 24)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Lee Howard (Mar 25)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Lamar Owen (Mar 25)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Luke S. Crawford (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Jack Bates (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Mohacsi Janos (Mar 26)
- Re: IPv6 Security [Was: Re: misunderstanding scale] Matt Palmer (Mar 26)