misunderstanding scale

Joe Greco jgreco at ns.sol.net
Mon Mar 24 13:27:51 UTC 2014


> On Mon, Mar 24, 2014 at 8:31 AM, Joe Greco <jgreco at ns.sol.net> wrote:
> >> all successful security is about _defense in depth_.
> >> If it is inaccessible, unrouted, unroutable and unaddressable then you
> >> have four layers of security. If it is merely inaccessible and
> >> unrouted you have two.
> >
> > Time to give up two layers of meaningless security for the riches offered
> > by the vastness of the new address space.
> 
> Hi Joe,
> 
> You'd expect folks to give up two layers of security at exactly the
> same time as they're absorbing a new network protocol with which
> they're yet unskilled? Does that make sense to you from a
> risk-management standpoint?

Actually, yes, it does.  Using the product as intended is substantially
less risky than trying to figure out how to use some sort of proxy or
gateway functionality to emulate NAT, and then screwing that up.

If you're afraid that you're insufficiently competent, help for hire is
available, as are two levels of firewalling, which isn't really a bad
idea anyways.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.


