misunderstanding scale

Mike Hale eyeronic.design at gmail.com
Mon Mar 24 00:54:32 UTC 2014


"unless by few you simply mean a minority"
Which I do.

"appropriately mitigating the security risks shows the claim that
there are security weaknesses in IPv6 preventing its adoption is
false."
No.  It doesn't.  It's not the sole reason, but it's a huge factor to consider.

"But there's nothing inherent to IPv6 stopping them."
There is because it doubles your attack surface at the very least.  At
the worst, it increases it exponentially since suddenly all your
internal devices (that were never configured to be public-facing) are
suddenly accessible from everywhere.

None of this isn't preventable, by the way.  There are a myriad of
solutions that can and do mitigate these risks.  But to simply dismiss
the security considerations is, I think, incredibly naïve and
unrealistic.


On Sun, Mar 23, 2014 at 5:41 PM, Timothy Morizot <tmorizot at gmail.com> wrote:
>
> On Mar 23, 2014 7:24 PM, "Mike Hale" <eyeronic.design at gmail.com> wrote:
>> It's derisive because you completely dismiss a huge security issue
>> that, given the state of IPv6 adoption, a great majority of companies
>> are facing.
>
> The original assertion was that there are unaddressed security weaknesses in
> IPv6 itself preventing its adoption. At least that's the way I read it. And
> that assertion is mostly FUD.
>
>> Calling it FUD is completely wrong because it *is* a legitimate
>> security issue for most businesses.  Sure, you've got the few who have
>> been able to properly plan for and secure their networks against the
>> increased attack surface of IPv6, but again...most companies haven't.
>
> Well, it's hardly a few at this point, unless by few you simply mean a
> minority. But it's a numerous and growing minority. Moreover, the
> acknowledgement that enterprises have been able to properly plan and deploy
> IPv6 while appropriately mitigating the security risks shows the claim that
> there are security weaknesses in IPv6 preventing its adoption is false.
>
> Now admittedly if an enterprise hasn't done any security planning or
> assessments then they aren't ready to deploy IPv6. But there's nothing
> inherent to IPv6 stopping them.
>
> Scott



-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



More information about the NANOG mailing list