[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple security

To: "Rémi Denis-Courmont" <remi@remlab.net>
Subject: Re: simple security
From: Philip Homburg <pch-v6ops@u-1.phicoh.com>
Date: Tue, 23 Mar 2010 17:51:29 +0100
Cc: v6ops@ops.ietf.org
In-reply-to: Your message of "Tue, 23 Mar 2010 17:48:22 +0200 ." <201003231748.22841.remi@remlab.net>
References: <001501caca91$769511b0$63bf3510$@org> <201003231748.22841.remi@remlab.net>

In your letter dated Tue, 23 Mar 2010 17:48:22 +0200 you wrote:
>> Some people argued that a stateful firewall is no longer needed because
>> attackers no longer use vectors that a firewall protects against.  This
>> sounds like circular reasoning to me, as if you no longer need a roof
>> because rain hasn't fallen on your head  for years.
>
>Do you take vaccinations for illenesses that don't exist anymore? Most people
>don't even take vaccinations for some that do exist but not where they live.
>Why would you protect IPv6 systems for old (now fixed) vulnerabilities in
>IPv4 systems?

Maybe I'm misunderstanding your argument. But are you trying to say that in,
say, the past 5 years, there have been no remote holes in any commonly used
system? 

Or are you trying to say to because remote holes are not exploited over IPv6
at the moment, it is not worth having protection for them. Just wait until
it is too late, and router vendors once again get a bad rep for offering
no security.

Follow-Ups:
- Re: simple security
  - From: RÃmi Denis-Courmont <remi@remlab.net>

References:
- simple security
  - From: "Lee Howard" <lee@asgard.org>
- Re: simple security
  - From: "Rémi Denis-Courmont" <remi@remlab.net>

Prev by Date: Re: On saving end-to-end transparency
Next by Date: Re: simple security
Previous by thread: Re: simple security
Next by thread: Re: simple security
Index(es):
- Date
- Thread