Re: misunderstanding scale

[Owen DeLong <owen () delong com>]

On Mar 23, 2014, at 11:38 PM, Mark Tinka <mark.tinka () seacom mu> wrote:

> On Sunday, March 23, 2014 09:35:31 PM Denis Fondras wrote:
>
> > When speaking of IPv6 deployment, I routinely hear about
> > host security. I feel like it should be stated that this
> > is *in no way* an IPv6 issue. May the device be ULA,
> > LLA, GUA or RFC1918-addressed, the device is at risk
> > anyway.
> >
> > If this is the only argument for delaying IPv6
> > deployment, this sounds more like FUD to me ;-)
>
> I guess it's no surprise that host security is not an IPv4 
> or IPv6 issue.
>
> It's just that with IPv4, the majority of unclean and 
> unupdated hosts have been living behind NAT44.
>
> In an ideal IPv6 world, all hosts have GUA's, and in this 
> case, host security becomes a bigger problem, because now 
> the host is directly accessible without a NAT66 in between 
> (we hope).
>
> Mark.

Bzzzt… But thanks for playing.

An IPv6 host with a GUA behind a stateful firewall with default deny is every bit as secure as an iPv4 host with an 
RFC-1918 address behind a NAT44 gateway.

Owen