> Hi Mike,
>
> You can either press the big red button and fire the nukes or you
> can't, so what difference how many layers of security are involved
> with the "Football?"
>
> I say this with the utmost respect, but you must understand the
> principle of defense in depth in order to make competent security
> decisions for your organization. Smart people disagree on the details
> but the principle is not only ironclad, it applies to all forms of
> security, not just IP network security.

The problem here is that what's actually going on is that you're now
enshrining as a "security" device a hacky, ill-conceived workaround for
a lack of flexibility/space/etc. in IPv4. NAT was not designed to act as
a security feature.

If you want more layers of security, put a second firewall into your
design. Don't perpetuate horrid IPv4 hacks that were necessary for
specific reasons into IPv6 where those hacks are no longer needed.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.