"Perry E. Metzger" wrote:
> I doubt any average homeowner could effectively run a
> firewall. It is necessary that the devices be secure ab initio, and
> only communicate to properly authenticated and authorized
> sources.

And yet, there is a trend towards "personal firewalls". Linux
includes a firewall out of the box (with the ipfwadm and ipchains
components). Several products are on the market for Windows
-- see http://grc.com/su-firewalls.htm . One product is very
user-friendly; it seems to me that any homeowner could use it.

So, perhaps the same company could also make a NAT that
any homeowner could use? Because if the problem of NATs is
ease of use, and this is the key being banged here (the NY School
Board example, etc.) then it is a problem of design. However,
if the problem is concept, in which way are NATs different
from gateways, conceptually speaking? And, gateways are
useful, no?

Further, it seems to me that if NATs are to be blamed for the
demise of IPv6, or its ad aeternum delay, then maybe this is
what the market wants -- a multiple-protocol Internet,
where tools for IPv4/IPv6 interoperation will be needed
... and valued. A commercial opportunity, clearly. Which
can, undoubtedly, be put in a sound theoretical framework
for NATs, in network topology. NATs do not have to be a
hack. They seem to have been discovered before being
modeled, that is all.

So, much as I side with Perry's defense of IPv6, I
cannot side with a downplay of NATs in order to leave
more room for IPv6. Indeed, NATs can help IPv6
interoperate... so they are, by definition, useful. And firewalls are
IMO much more homeowner-friendly than "ab initio security".
So, we need to be careful otherwise the baby goes with the
baby water ;-)

Cheers,
Ed Gerck