On Mar 23, 2014, at 11:38 PM, Mark Tinka <mark.ti...@seacom.mu> wrote:
> On Sunday, March 23, 2014 09:35:31 PM Denis Fondras wrote: > >> When speaking of IPv6 deployment, I routinely hear about >> host security. I feel like it should be stated that this >> is *in no way* an IPv6 issue. May the device be ULA, >> LLA, GUA or RFC1918-addressed, the device is at risk >> anyway. >> >> If this is the only argument for delaying IPv6 >> deployment, this sounds more like FUD to me ;-) > > I guess it's no surprise that host security is not an IPv4 > or IPv6 issue. > > It's just that with IPv4, the majority of unclean and > unupdated hosts have been living behind NAT44. > > In an ideal IPv6 world, all hosts have GUA's, and in this > case, host security becomes a bigger problem, because now > the host is directly accessible without a NAT66 in between > (we hope). > > Mark. Bzzzt… But thanks for playing. An IPv6 host with a GUA behind a stateful firewall with default deny is every bit as secure as an iPv4 host with an RFC-1918 address behind a NAT44 gateway. Owen
