
Re: simple security



On Tuesday 23 March 2010 16:02:18 Lee Howard, you wrote:
> The simple-security draft represents the best practice we know of for
> securing home networks.  It describes the behavior that should be the
> default for all home networking gateways.  Advanced users who know what
> they're getting into can change those default rules.

I've kept saying the same thing for three years now. But anyway. This 
assertion raises a much more systematic question:

What's the use of IPv6 (then)? IPv6 with a stateful firewall is essentially 
just as bad as IPv4 with a NAT in terms of connectivity. Also IPv6 has 
fundamentally higher overhead (both in terms of packet header size and of 
router processing).

So the simple security draft seems highly paradoxical to me. A "solution" 
would be to specify a functional hole punching mechanism. But that key part 
is missing. I am not comfortable with having the simple security document 
without a hole punching document too.

Some people will doubtless argue that there should not be a hole punching 
mechanism. But then, I would like them to answer the question above... 
(Standardization engineer job security is not a good reason for IPv6 to me)

> Some people argued that a stateful firewall is no longer needed because
> attackers no longer use vectors that a firewall protects against.  This
> sounds like circular reasoning to me, as if you no longer need a roof
> because rain hasn't fallen on your head  for years.

Do you take vaccinations for illnesses that don't exist anymore? Most people 
don't even take vaccinations for some that do exist but not where they live.

Why would you protect IPv6 systems for old (now fixed) vulnerabilities in IPv4 
systems?

> It was also argued that attacks of this kind simply don't exist in IPv6.

Which is true.

> That sounds like the argument that faults in the space shuttle o-ring
> haven't caused explosions before, so it's safe.

No. It's just an argument that operating systems have already been fixed 
*before* they implemented IPv6. Common attack vectors are in different 
(higher) parts of the software stack, against which stateful firewalls are 
totally helpless.

> I'll also point out that
> OSes with smaller market share have fewer exploits written for them because
> they are a smaller target; as IPv6 exceeds 50%, there will be more attacks.

That is a severe misrepresentation of reality. You will find exploits written 
for very obscure vulnerabilities. Of course, they are not commonly (mis)used, 
but they are available.

-- 
Rémi Denis-Courmont
Nokia Corporation / Maemo Devices R&D