[Cialug] Slightly OT - IPv6 sillyness
Daniel A. Ramaley
daniel.ramaley at drake.edu
Wed Jul 9 15:34:20 CDT 2014
On 2014-07-09 at 14:44:45 L. V. Lammert wrote:
> Seriouisly, what is with this attitude [of IPb6 folks]? The FIRST step
> of ANY security policy is to block all inbound traffic, and using an
> offnet address is the best way to do that.
Why is that the "best" way? A lot of IPv4 fans confuse firewalling and
NAT. Almost all NAT implementations include a firewall. But the NAT part
is not actually needed to protect your network. All you really need is a
firewall. The NAT part is really just a layer of security through
obscurity.
__
Daniel A. Ramaley
Network Engineer 2
Dial Center 122, Drake University
2407 Carpenter Ave / Des Moines IA 50311 USA
Tel: +1 515 271-4540
Fax: +1 515 271-1938
E-mail: daniel.ramaley at drake.edu
More information about the Cialug
mailing list