IPv6 uptake (was: The Reg does 240/4)

• Previous message (by thread): IPv6 uptake (was: The Reg does 240/4)
• Next message (by thread): IPv6 uptake
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Feb 16, 2024, at 14:20, Jay R. Ashworth <jra at baylink.com> wrote:
> 
> ----- Original Message -----
>> From: "Justin Streiner" <streinerj at gmail.com>
> 
>> 4. Getting people to unlearn the "NAT=Security" mindset that we were forced
>> to accept in the v4 world.
> 
> NAT doesn't "equal" security.
> 
> But it is certainly a *component* of security, placing control of what internal
> nodes are accessible from the outside in the hands of the people inside.

Uh, no… no it is not. Stateful inspection (which the kind of NAT (actually NAPT) you are assuming here depends on) is a component of security. You can do stateful inspection without mutilating the header and have all the same security benefits without losing or complicating the audit trail. 

Owen

• Previous message (by thread): IPv6 uptake (was: The Reg does 240/4)
• Next message (by thread): IPv6 uptake
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]