[AusNOG] [Ap-ipv6tf] official shutdown date for IPv4. The date he is pushing for is April 4, 2024. "IPv4 can't go on forever, " Latour said. "
Roland Dobbins
rdobbins at arbor.net
Wed Nov 5 18:02:07 EST 2014
On 5 Nov 2014, at 13:47, Ross Wheeler wrote:
> If they can't "update" their system, don't "GET" the bit about having
> to keep AV software up-to-date etc, how the HELL can we expect them to
> secure IPv6? (Hint: we can't)
Eliminating NAT doesn't mean eliminating network access policies. It
doesn't preclude automagic provisioning of said policies, nor
transparent stateful firewalling (appropriate for client-type machines,
but not for servers).
And even with NAT, which causes huge problems for ordinary users, much
less network operators and server/app/service operators, we've all these
hundreds of millions of compromised, botted hosts worldwide. The
majority of botted hosts are compromised via layer-7 techniques which
leverage social engineering; NAT does nothing about that.
NAT is not a security technology. NAT does not materially benefit
security in any way. NAT is in fact a detriment to actual,
operationalizable security.
Unfortunately, the widespread misperception that NAT is a 'security'
technology means that it won't go away - which is really too bad.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the AusNOG
mailing list