nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IPv6 - real vs theoretical problems

From: William Herrin <bill () herrin us>
Date: Fri, 7 Jan 2011 21:49:15 -0500
On Fri, Jan 7, 2011 at 9:00 PM, Dobbins, Roland <rdobbins () arbor net> wrote:

On Jan 8, 2011, at 8:54 AM, William Herrin wrote:

I presume you don't intend us to conclude that a bastion
host firewall provides no security benefit to the equipment it
protects.


If it's protecting workstations, yes, it has some positive security value - but not due to NAT.


Hi Roland,

I see. Would I misstate your view if I characterized it as:

"A bastion host firewall which simulates identical IP addresses on
both sides provides at least as effective security as an otherwise
identical firewall which does not."

Regards,
Bill Herrin




-- 
William D. Herrin ................ herrin () dirtside comĀ  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
Previous By Date Next
Previous By Thread Next

Current thread: