[aklug] Re: IPv6

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Fri Jan 27 2012 - 10:04:49 AKST

On Thu, 26 Jan 2012, Scott A. Johnson wrote:

> I also highly recommend HE's ipv6 certification.
> Probably the biggest concept to get over in ipv6 is there is no need for
> NAT or private CIDR ranges. And don't get stuck in the thought process that
> your LAN security will go down hill. Because you can have your own
> routeable subnet, it's easy to have a single choke point to run a firewall
> on and filter the subnet's traffic.

Uh, that's not entirely true. NAT is something they did try to eliminate
(but is still doable), and the whole concept of link/site/global is still
based on reserved address ranges. Personally, I think the knee-jerk
response to ALGs and the push to transparent network topologies is idiotic,
and anathema to network security.

I also applaud HE's certification course, though.

         --Arthur Corliss
           Live Free or Die
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Jan 27 10:05:00 2012

This archive was generated by hypermail 2.1.8 : Fri Jan 27 2012 - 10:05:00 AKST