[LINK] www.ipv6.org.au/summit
Karl Auer
kauer at biplane.com.au
Tue Sep 2 17:49:12 AEST 2008
On Tue, 2008-09-02 at 08:58 +0200, Kim Holburn wrote:
> remote reprogramming of firewalls. So yes, you can't initiate a
> contact into the network directly but you can use an internally
> initiated contact to attack a machine and even then attack other
> machines in that network.
Yes. With or without NAT, as you say. However, these attacks happen
further up the protocol stack; NAT is neither here nor there. Once you
control a machine inside a network, most bets are off as far as border
security, and *certainly* any microscopic amount of security that NAT
might have added is gone.
> A plain public network can
> be probed over and over and the info collected, collated and stored.
> No matter what protections the network has, someone getting in can
> potentially have a lot of info about it.
"Getting in"? Yes, if they can get in, but see above. As far as
"probing", well, we keep hearing this, but it's irrelevant. People
knowing what addresses you have does not matter. Really. It just does
not matter. All the attacker has is a list of addresses.
> There's nothing inherently wrong with security by obscurity. It's a
> good addition to any security and home users need everything they can
> get.
No. You say these things like they are written on tablets of stone, but
there IS something inherently wrong with security by obscurity, in that
the security vanishes like morning mist if the obscurity is ever lost,
and worse, you may not even know that your security just vanished. You
DON'T "need everything you can get" either - not if the cost of what you
are getting outweighs the benefits.
> It also goes along with security by diversity which can have real
> benefits.
Again: diversity that costs you more than it benefits you is not worth
having.
Believing that NAT is part of in-depth security is akin to digging a
shallow trench all around your house and insisting that it's improved
your security because burglars might trip and fall and hobble off
injured rather than robbing you. If you need the trench for, say,
drainage, then sure, by all means take advantage of the "extra security"
it offers. If you don't need the trench for any other reason, does it
really make sense to dig it just for the security advantages? Of course
not. Even a twenty-foot-deep trench with sharpened stakes at the bottom
of it and covered with camouflage cloth has certain disadvantages which
probably make it, on balance, not worth having.
We have to have NAT because we are running out of IPv4 addresses, but as
far as security goes it offers nothing worth having that can't be
adequately handled by a packet filter - and a very simple one at that.
So the disappearance of NAT which will almost inevitably accompany the
uptake of IPv6 is no real loss.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
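The "very simple packet filter" the message says can replace NAT's incidental protection, modelled as an added example (not code from the original post, the list or either author): a stateful filter that forwards only replies to flows opened from inside, placed next to a NAT gateway that does the same flow tracking plus address rewriting. The same constructed trace runs through both: an inside client talks to a server, the server replies, and an outsider who already knows the client's address tries to connect. Addresses are IPv4/IPv6 documentation prefixes chosen here; the NAT is modelled as address-and-port restricted, which is an assumption (real NAT boxes vary).

```python
"""Stateful filter versus NAT gateway: same flow tracking, same verdicts.

Added example; not from the original thread. Packet/flow model and
documentation-prefix addresses are constructed for illustration.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Plain stateful packet filter: remembers flows opened from inside and
    permits only their replies. Addresses are never rewritten."""

    def __init__(self) -> None:
        # (inside addr, inside port, outside addr, outside port)
        self.flows: set[tuple[str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> Packet:
        # Any packet leaving the inside network opens (or refreshes) a flow.
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return pkt  # forwarded unchanged

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Forward only if this is the exact reverse of a flow inside opened;
        # an unsolicited packet, however well the sender knows our
        # addresses, has no matching entry and is dropped.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return pkt
        return None


class NatGateway(StatefulFilter):
    """The same flow tracker plus source address/port rewriting to one
    public address, which is what a home NAT box does (assumed to be
    address-and-port restricted, i.e. replies only from the original peer)."""

    def __init__(self, public_addr: str) -> None:
        super().__init__()
        self.public_addr = public_addr
        self.next_port = 40000
        self.out_map: dict[tuple[str, int], int] = {}  # (inside addr, port) -> public port
        self.in_map: dict[int, tuple[str, int]] = {}   # public port -> (inside addr, port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        translated = replace(pkt, src=self.public_addr, sport=self.out_map[key])
        # Track the flow as it appears on the outside so replies match.
        self.flows.add((translated.src, translated.sport, translated.dst, translated.dport))
        return translated

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) not in self.flows:
            return None  # no flow opened from inside to this peer: dropped
        inside_addr, inside_port = self.in_map[pkt.dport]
        return replace(pkt, dst=inside_addr, dport=inside_port)  # un-NATed


def run_ipv6_filter() -> dict[str, Optional[Packet]]:
    """Constructed IPv6 trace through the plain filter (no translation)."""
    fw = StatefulFilter()
    client, server, outsider = "2001:db8:1::10", "2001:db8:2::1", "2001:db8:ffff::66"
    return {
        "client_to_server": fw.outbound(Packet(client, 3456, server, 443)),
        "server_reply": fw.inbound(Packet(server, 443, client, 3456)),
        "unsolicited_ssh": fw.inbound(Packet(outsider, 12345, client, 22)),
        "forged_reply": fw.inbound(Packet(outsider, 443, client, 3456)),
    }


def run_ipv4_nat() -> dict[str, Optional[Packet]]:
    """The same constructed trace through the NAT gateway."""
    nat = NatGateway("198.51.100.1")
    client, server, outsider = "192.168.1.10", "203.0.113.5", "203.0.113.99"
    out = nat.outbound(Packet(client, 3456, server, 443))
    return {
        "client_to_server": out,
        "server_reply": nat.inbound(Packet(server, 443, nat.public_addr, out.sport)),
        "unsolicited_ssh": nat.inbound(Packet(outsider, 12345, nat.public_addr, 22)),
        "forged_reply": nat.inbound(Packet(outsider, 443, nat.public_addr, out.sport)),
    }


if __name__ == "__main__":
    for name, results in (("IPv6 stateful filter", run_ipv6_filter()),
                          ("IPv4 NAT gateway", run_ipv4_nat())):
        print(name)
        for step, verdict in results.items():
            print(f"  {step:18s} {'forwarded' if verdict else 'DROPPED'}  {verdict or ''}")
```

Both devices give identical verdicts: the reply is forwarded, the unsolicited connection and the forged reply are dropped. The only difference is that the NAT column also rewrites addresses, which is exactly the part that does no security work; the drop decision in both cases comes from the flow table, and the outsider's knowledge of the inside address never changes it.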