Re: simple security

[RÃmi Denis-Courmont <remi@remlab.net>]

On Tue, 23 Mar 2010 17:51:29 +0100, Philip Homburg

<pch-v6ops@u-1.phicoh.com> wrote:

> In your letter dated Tue, 23 Mar 2010 17:48:22 +0200 you wrote:

>>> Some people argued that a stateful firewall is no longer needed because

>>> attackers no longer use vectors that a firewall protects against.  This

>>> sounds like circular reasoning to me, as if you no longer need a roof

>>> because rain hasn't fallen on your head  for years.

>>

>>Do you take vaccinations for illenesses that don't exist anymore? Most

>> people don't even take vaccinations for some that do exist but not

>> where they live.

>>Why would you protect IPv6 systems for old (now fixed) vulnerabilities in

>>IPv4 systems?

> 

> Maybe I'm misunderstanding your argument. But are you trying to say that

> in, say, the past 5 years, there have been no remote holes in any

commonly

> used system?



There are remote holes in old unpatched systems (which are generally so old

that they don't support IPv6 anyway). Oh sure, there are plenty of holes in

modern systems (that do support IPv6) but not the kind that stateful

firewalls protect against. Last time I checked stateful firewalls did not

protect from browser and web server bugs nor from harmful email.



-- 

RÃmi Denis-Courmont

http://www.remlab.net

http://fi.linkedin.com/in/remidenis