IPv6 uptake (was: The Reg does 240/4)

William Herrin bill at herrin.us
Fri Feb 16 23:01:49 UTC 2024


On Fri, Feb 16, 2024 at 2:19 PM Jay R. Ashworth <jra at baylink.com> wrote:
> > From: "Justin Streiner" <streinerj at gmail.com>
> > 4. Getting people to unlearn the "NAT=Security" mindset that we were forced
> > to accept in the v4 world.
>
> NAT doesn't "equal" security.
>
> But it is certainly a *component* of security, placing control of what internal
> nodes are accessible from the outside in the hands of the people inside.

Hi Jay,

Every firewall does that. What NAT does above and beyond is place
control of what internal nodes are -addressable- from the outside in
the hands of the people inside -- so that most of the common mistakes
with firewall configuration don't cause the internal hosts to -become-
accessible.

The distinction doesn't seem that subtle to me, but a lot of folks
making statements about network security on this list don't appear to
grasp it.

Regards,
Bill Herrin


-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/
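
An illustration of the addressable/accessible distinction drawn in the message above, added here and not part of the original post: a toy model of a site edge that receives an unsolicited inbound packet, with and without NAT, when the firewall carries an inbound "permit any" mistake. The `Edge` class, the `unsolicited` helper and all addresses (documentation prefixes) are constructed for this example. The model assumes no static port forwards and keys flow state by destination address and port only.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Edge:
    routed: str          # prefix the upstream routes to this site
    hosts: set           # internal host addresses
    nat: bool            # True: NAPT between the routed address and the hosts
    permit_any_in: bool  # True: the firewall mistake (inbound "permit any")
    state: dict = field(default_factory=dict)  # (outside-visible ip, port) -> host

    def outbound(self, host, port):
        """An internal host opens a flow: creates filter state / a NAT mapping."""
        visible = str(ipaddress.ip_network(self.routed)[0]) if self.nat else host
        self.state[(visible, port)] = host

    def inbound(self, dst, port):
        """Fate of a packet arriving from outside, addressed to dst:port."""
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.routed):
            return "dropped: not addressable from outside"
        target = self.state.get((dst, port))
        if self.nat:
            # Without a mapping there is no internal address to translate to,
            # whatever the filter rules say.
            return f"delivered to {target}" if target else "dropped: no NAT mapping"
        if target or (self.permit_any_in and dst in self.hosts):
            return f"delivered to {dst}"
        return "dropped: firewall"


def unsolicited(nat, permit_any_in):
    """Probe an internal host's port 22 with no prior outbound flow."""
    if nat:
        edge = Edge("203.0.113.5/32", {"192.168.1.10"}, True, permit_any_in)
        # The outside sender can aim at the private address or the public one.
        return [edge.inbound("192.168.1.10", 22), edge.inbound("203.0.113.5", 22)]
    edge = Edge("2001:db8:1::/64", {"2001:db8:1::10"}, False, permit_any_in)
    return [edge.inbound("2001:db8:1::10", 22)]


if __name__ == "__main__":
    for nat in (True, False):
        for mistake in (False, True):
            print(f"nat={nat} permit_any_in={mistake}: {unsolicited(nat, mistake)}")
```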


More information about the NANOG mailing list