[AusNOG] IPv6 excuses

Mark Andrews marka at isc.org
Sat May 28 13:36:21 EST 2016 

In message <57490CDB.2020909 at 0xc0dedbad.com>, Peter Fern writes:
> On 05/28/16 12:01, Mark Andrews wrote:
> >>> e.g. TV's don't need to be listening on the net.
> >> They don't need to be, but are they?  Now TVs support all sorts of
> >> streaming protocols, etc.  I have no idea what the quality of code is
> >> like on TV firmware.  And you can add streaming boxes, light bulbs, IoT,
> >> etc to the list.
> > Yes, they support all sorts of streaming protocols.  Lots of protocols
> > we use every day in browers and other applications.  Invariably the
> > boxes are using exactly the same libraries yet you are scare because
> > its in a streaming box instead of the browser.
> 
> No, they additionally implement servers for stuff like DLNA, Airplay,
> Google Cast, etc.  Some of these protocols only work locally, some don't
> have that limitation.  Modern TVs may also allow installing apps, that
> may expose other services.  And this is just one example appliance.
> 
> > Being behind a NAT doesn't protect devices. All it takes is a single
> > compromised machine.  The same applies to firewalls.  Each and every
> > device needs to protect itself.
> 
> Being behind NAT (or a CPE firewall) does protect insecure devices from
> providing additional pivots into the network though.  And, you know,
> stops the Internet from playing with people's 'smart' lights, watching
> their IP cams, etc.

And that doesn't require a firewall.  It requires proper authentication.

> You might argue that end users should deal with this themselves, but
> many end users are either incapable or uninformed, and if it's trivial
> to provide protection at the CPE with minimal impact, how is this a bad
> idea?

It's trivial to provide authentication that isn't dependent on a firewall

> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the AusNOG mailing list