IPv6 Security [Was: Re: misunderstanding scale]

Mon Mar 24 16:30:20 UTC 2014

On Monday, March 24, 2014 02:42:07 PM Timothy Morizot wrote:

> While I don't really disagree with that statement, I'm
> not entirely sure what CPE firewalls and home devices
> have to do with enterprise deployments, the topic I was
> discussing. We've been actively working this for the
> past three years now and have yet to encounter an IPv6
> specific enterprise risk for which no appropriate
> mitigation exists. That's why I called out the assertion
> that security weaknesses in IPv6 were *preventing*
> enterprise deployments as FUD. And until someone
> specifically names some major unmitigated IPv6-only
> security weakness blocking enterprise deployment instead
> of vague hand-waving or lists of security risks (as
> opposed to weaknesses) with well-defined mitigations,
> I'll stand by that statement.

Agree - the security issues for deploying IPv6 in the 
enterprise are not that dissimilar from the concerns in the 
home in as far as assigning GUA's to enterprise printers, 
staff laptops, surveillance cameras, e.t.c., is concerned.

This is not necessarily an issue of IPv6. It's more of an 
issue having a direct connetion to the Internet without NAT 
(a.k.a security by obscurity, false sense of security, 
e.t.c.), and what that means for the host's security.

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140324/215adf2c/attachment.sig>