Re: [fw-wiz] ***SPAM*** Re: IPv6 support in firewalls



Patrick M. Hausen wrote:

First you should not rely on NAT as a security measure, anyway,
because it isn't.

I advocate using every measure possible to provide security. IP masquerading helps thwart information gathering. I would never suggest using NAT as the only security measure. By IP masquerading, I avoid having a RIR identify the address blocks I use internally, as they would if I were to use public space. Explain why you feel this is wrong?


Third, this is the _only_ way to get rid of the "net 10 considered
harmful" nightmare

It's only a nightmare for people who do not exercise discipline in assigning addresses. I could just as easily err with public addresses and assign the same block of addresses to multiple sites. The fact that an RIR allocates you a block of IPv6 addresses does not guarantee you will not botch assignment within your networks.

Even Forrest Gump knows, "stupid is as stupid does".


IMHO theses are the combined reasons to start over and
kill NAT forever.

Won't happen in my lifetime, nor my childrens' lifetime. begin:vcard
fn:David Piscitello
n:Piscitello;David
adr;dom:;;3 Myrtle Bank Lane;Hilton Head;SC;29926
email;internet:dave@xxxxxxxxxxx
x-mozilla-html:FALSE
url:http://hhi.corecom.com/weblogindex.htm
version:2.1
end:vcard

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall
    ... was that protection a part of the kernel or ... implementation of the NT line represented a good security mix. ... Having to give a user full admin rights to install software is stupid. ... same functionality as windows, I would really push for them when appropriate. ...
    (comp.security.misc)
  • Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall
    ... was that protection a part of the kernel or ... implementation of the NT line represented a good security mix. ... Having to give a user full admin rights to install software is stupid. ... same functionality as windows, I would really push for them when appropriate. ...
    (comp.security.firewalls)
  • Re: Windows vulnerability vs Linux vulnerability [Re: Would a firewall
    ... was that protection a part of the kernel or ... implementation of the NT line represented a good security mix. ... Having to give a user full admin rights to install software is stupid. ... same functionality as windows, I would really push for them when appropriate. ...
    (alt.computer.security)
  • Re: Default Admin Account
    ... it was 1 computer system and didn't leave a stupid note then I could ... States military and NASA computers in 2001 and 2002. ... networks he is accused of hacking include networks owned by NASA, ... It was not a mistake that there was a huge security stand-down ...
    (Pen-Test)
  • Re: OT: Mac users?
    ... The "security issues" are usually stupid things like auto opening ... The reason IE gets so many viruses is simple: People wirte them for the PC ... to be some trojan or keylogger virus thats years old, ...
    (alt.guitar.bass)