Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security Basics

From: "Michael Painter" <tvhawaii () shaka com>
Date: Mon, 31 Oct 2011 20:48:09 -1000
Matthew Reed wrote:


Why not focus on IPv6? It has no NAT. Kind of a paradigm shift if you
think about it. Well worth the energy in the long haul. And "In-depth
promotion" of IPv6 would not hurt its cause.

Don't you agree it might be better to focus on the IPv6 protocol than
to keep defending/securing a pretty much deprecated and older
implementation? Old as in "built with less experience." I know that NAT
is still being widely used by many but the reasons for this might bring
up interesting debates. IPv6 does make NAT obsolete and any form of
academic research on the security and defence of IPv6 implementations
would probably have a longer TTL. I'd welcome those documents any day.



This may be of interest to some:

http://www.ausnog.net/images/ausnog-05/presentations/7-2-stateofdanger.pdf

In the Medium Term, IPv6 Migration Will Bring More
State, Not Less.
? Myth - IPv6 means no NAT.
? Reality - with IPv4 address exhaustion looming, Carrier
Grade NATs (CGNs) are being deployed on SP
wireline networks.
? 6-to-4 gateways are stateful devices with the same
issues as those surrounding NAT devices. 6-to-4
gateways were being deliberately DDoSed back in
2004.
? Many of the performance/latency issues associated
with mobile wireless networks will make their way into
wireline networks as a result.
? These stateful devices must be protected to the degree
possible against DDoS attack via S/RTBH, flowspec,
IDMS, quarantine systems, et. al.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: