IPv6 - real vs theoretical problems
bill at herrin.us
Fri Jan 7 20:49:15 CST 2011
On Fri, Jan 7, 2011 at 9:00 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
> On Jan 8, 2011, at 8:54 AM, William Herrin wrote:
>> I presume you don't intend us to conclude that a bastion
>> host firewall provides no security benefit to the equipment it
> If it's protecting workstations, yes, it has some positive security value - but not due to NAT.
I see. Would I misstate your view if I characterized it as:
"A bastion host firewall which simulates identical IP addresses on
both sides provides at least as effective security as an otherwise
identical firewall which does not."
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
More information about the NANOG