nanog mailing list archives

Re: IPv6 uptake (was: The Reg does 240/4)


From: William Herrin <bill () herrin us>
Date: Fri, 16 Feb 2024 19:27:19 -0800

On Fri, Feb 16, 2024 at 7:10 PM John Levine <johnl () iecc com> wrote:
> If you configure your firewall wrong, bad things will happen.  I have both
> IPv6 and NAT IPv4 on my network here and I haven't found it particularly
> hard to get the config correct for IPv6.

Hi John,

That it's possible to implement network security well without using
NAT does not contradict the claim that NAT enhances network security.

That it's possible to breach the layer of security added by NAT does
not contradict the claim that NAT enhances network security.

Any given layer of security can be breached with expense and effort.
Breaching every layer of security at the same time is more challenging
than breaching any particular one of them. The use of NAT adds a layer
of security to the system that is not otherwise there.


Think of it like this: you have a guard, you have a fence and you have
barbed wire on top of the fence. Can you secure the place without the
barbed wire? Of course. Can an intruder defeat the barbed wire? Of
course. Is it more secure -with- the barbed wire? Obviously.

Regards,
Bill Herrin

-- 
William Herrin
bill () herrin us
https://bill.herrin.us/

