misunderstanding scale (was: Ipv4 end, its fake.)

Mark Tinka mark.tinka at seacom.mu
Sun Mar 23 19:34:10 UTC 2014


On Sunday, March 23, 2014 09:24:35 PM Cb B wrote:

> My hope is that folks stop equating firewalls with
> security, when the first step is to secure the host,
> accountability is with the host, then layer other tools
> as needed.

I couldn't agree more.

As an example, your home PC (whose OS wasn't updated in 
months because the wife and kids can't be asked) is hit via 
HTTP in a way your CPE firewall couldn't prevent. It is then 
used to re-attack other appliances in your home that have 
poor software with no security features.

CPE firewalls won't do anything about that.

I support vendors of all kinds (Tv's, microwaves, STB's, 
home theatre systems, video game consoles, e.t.c.) to 
include some kind of localized security features that 
augment what a CPE firewall can offer. This will be even 
more critical, I think, to getting homes and offices to 
accept the use of GUA's on the LAN, if we have any hopes of 
finally getting rid of NAT with IPv6, at the scale we have 
it in IPv4.

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140323/973fe827/attachment.bin>


More information about the NANOG mailing list