[LINK] www.ipv6.org.au/summit

Karl Auer kauer at biplane.com.au
Mon Sep 1 01:41:11 AEST 2008


On Sun, 2008-08-31 at 16:46 +0200, Kim Holburn wrote:
> our next best defence is a hardware firewall i.e. a commodity
> router/firewall/modem and they have been remarkably successful.

Well, no, not really. They are spectacularly *UN*successful at
protecting anyone from viruses, trojans, phishing attacks, malicious
downloads, web-based OS exploits, and a host of other nasties. Insofar
as they provide protection at all, it is against classes of attack that
are relatively uncommon and that (with very few exceptions) have little
chance of success anyway. The millions of infected zombie machines out
there are testament to how effective commodity CPE is at protecting
things.

> none of this is available to most home users.  Their best option is a
> NAT firewall.

You've morphed "NAT" into "NAT firewall". NAT is not a firewall. If you
need a firewall, you need it completely independently of NAT.

I just wanted to challenge the reigning perception that NAT is somehow a
security benefit. It's not. We can have exactly the same level of
security without NAT using the most basic of packet filters. In fact,
they would be cheaper, faster and more reliable. If IPv6 banishes NAT,
no-one's security will be any the worse.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at  : random.sks.keyserver.penguin.de
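
The point above about packet filters, as an added example that is not part of the original post: a constructed Python model that runs the same inbound probes through a port-translating NAT and through a NAT-free stateful filter and compares the verdicts. The class names, addresses (documentation ranges) and ports are assumptions, and the NAT is assumed to filter on remote address and port.

```python
# Constructed model, not code from the thread. Addresses are opaque strings.
class StatefulFilter:
    """Default-deny inbound; admit only replies to flows started inside."""
    def __init__(self):
        self.flows = set()

    def outbound(self, host, hport, remote, rport):
        self.flows.add((host, hport, remote, rport))
        return host, hport                 # no rewriting: host keeps its address

    def inbound(self, remote, rport, addr, port):
        # Deliver only if the packet mirrors a recorded outbound flow.
        return (addr, port) if (addr, port, remote, rport) in self.flows else None


class Napt:
    """Port-translating NAT (assumed address-and-port-dependent filtering)."""
    def __init__(self, public_ip):
        self.public_ip, self.next_port, self.back = public_ip, 40000, {}

    def outbound(self, host, hport, remote, rport):
        ext = self.next_port
        self.next_port += 1
        self.back[(ext, remote, rport)] = (host, hport)
        return self.public_ip, ext         # what the remote end sees

    def inbound(self, remote, rport, addr, port):
        if addr != self.public_ip:
            return None
        return self.back.get((port, remote, rport))   # no mapping: dropped


def verdicts(gw, host, server, scanner):
    """One outbound HTTPS flow, then four inbound probes. True = delivered."""
    addr, port = gw.outbound(host, 51000, server, 443)
    probes = {
        "reply from contacted server": (server, 443, addr, port),
        "other host, same port":       (scanner, 443, addr, port),
        "unsolicited to port 22":      (scanner, 4444, addr, 22),
        "same server, other src port": (server, 8080, addr, port),
    }
    return {name: gw.inbound(*p) is not None for name, p in probes.items()}


if __name__ == "__main__":
    nat = verdicts(Napt("203.0.113.5"), "192.168.1.10",
                   "198.51.100.7", "198.51.100.99")
    flt = verdicts(StatefulFilter(), "2001:db8:1::10",
                   "2001:db8:ffff::7", "2001:db8:ffff::99")
    for name in nat:
        print(f"{name:30} NAT={nat[name]!s:5} filter={flt[name]}")
```

Both gateways decide on the same thing, a table of flows opened from inside; the NAT additionally rewrites addresses, which contributes nothing to the accept/drop decision.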




