On Thu, 26 Jan 2012, Scott A. Johnson wrote:
> I also highly recommend HE's ipv6 certification.
> Probably the biggest concept to get over in ipv6 is there is no need for
> NAT or private CIDR ranges. And don't get stuck in the thought process that
> your LAN security will go down hill. Because you can have your own
> routeable subnet, it's easy to have a single choke point to run a firewall
> on and filter the subnet's traffic.
Uh, that's not entirely true. NAT is something they did try to eliminate
(but is still doable), and the whole concept of link/site/global is still
based on reserved address ranges. Personally, I think the knee-jerk
response to ALGs and the push to transparent network topologies is idiotic,
and anathema to network security.
I also applaud HE's certification course, though.
--Arthur Corliss
Live Free or Die
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Jan 27 10:05:00 2012
This archive was generated by hypermail 2.1.8 : Fri Jan 27 2012 - 10:05:00 AKST