IPv6 - real vs theoretical problems

William Herrin bill at herrin.us
Fri Jan 7 20:49:15 CST 2011


On Fri, Jan 7, 2011 at 9:00 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
> On Jan 8, 2011, at 8:54 AM, William Herrin wrote:
>> I presume you don't intend us to conclude that a bastion
>> host firewall provides no security benefit to the equipment it
>> protects.
>
> If it's protecting workstations, yes, it has some positive security value - but not due to NAT.

Hi Roland,

I see. Would I misstate your view if I characterized it as:

"A bastion host firewall which simulates identical IP addresses on
both sides provides at least as effective security as an otherwise
identical firewall which does not."

Regards,
Bill Herrin




-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004




More information about the NANOG mailing list