nanog mailing list archives

Re: misunderstanding scale


From: Mike Hale <eyeronic.design () gmail com>
Date: Sun, 23 Mar 2014 17:54:32 -0700

"unless by few you simply mean a minority"
Which I do.

"appropriately mitigating the security risks shows the claim that
there are security weaknesses in IPv6 preventing its adoption is
false."
No.  It doesn't.  It's not the sole reason, but it's a huge factor to consider.

"But there's nothing inherent to IPv6 stopping them."
There is because it doubles your attack surface at the very least.  At
the worst, it increases it exponentially since suddenly all your
internal devices (that were never configured to be public-facing) are
suddenly accessible from everywhere.

None of this isn't preventable, by the way.  There are a myriad of
solutions that can and do mitigate these risks.  But to simply dismiss
the security considerations is, I think, incredibly naïve and
unrealistic.


On Sun, Mar 23, 2014 at 5:41 PM, Timothy Morizot <tmorizot () gmail com> wrote:

On Mar 23, 2014 7:24 PM, "Mike Hale" <eyeronic.design () gmail com> wrote:
It's derisive because you completely dismiss a huge security issue
that, given the state of IPv6 adoption, a great majority of companies
are facing.

The original assertion was that there are unaddressed security weaknesses in
IPv6 itself preventing its adoption. At least that's the way I read it. And
that assertion is mostly FUD.

Calling it FUD is completely wrong because it *is* a legitimate
security issue for most businesses.  Sure, you've got the few who have
been able to properly plan for and secure their networks against the
increased attack surface of IPv6, but again...most companies haven't.

Well, it's hardly a few at this point, unless by few you simply mean a
minority. But it's a numerous and growing minority. Moreover, the
acknowledgement that enterprises have been able to properly plan and deploy
IPv6 while appropriately mitigating the security risks shows the claim that
there are security weaknesses in IPv6 preventing its adoption is false.

Now admittedly if an enterprise hasn't done any security planning or
assessments then they aren't ready to deploy IPv6. But there's nothing
inherent to IPv6 stopping them.

Scott



-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

