misunderstanding scale (was: Ipv4 end, its fake.)
Mark Tinka
mark.tinka at seacom.mu
Sun Mar 23 19:34:10 UTC 2014
On Sunday, March 23, 2014 09:24:35 PM Cb B wrote:
> My hope is that folks stop equating firewalls with
> security, when the first step is to secure the host,
> accountability is with the host, then layer other tools
> as needed.
I couldn't agree more.
As an example, your home PC (whose OS wasn't updated in
months because the wife and kids can't be asked) is hit via
HTTP in a way your CPE firewall couldn't prevent. It is then
used to re-attack other appliances in your home that have
poor software with no security features.
CPE firewalls won't do anything about that.
I support vendors of all kinds (Tv's, microwaves, STB's,
home theatre systems, video game consoles, e.t.c.) to
include some kind of localized security features that
augment what a CPE firewall can offer. This will be even
more critical, I think, to getting homes and offices to
accept the use of GUA's on the LAN, if we have any hopes of
finally getting rid of NAT with IPv6, at the scale we have
it in IPv4.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140323/973fe827/attachment.sig>
More information about the NANOG
mailing list