
Re: simple security



On Tue, 23 Mar 2010 11:14:00 -0700
Victor Kuarsingh <victor.kuarsingh@gmail.com> wrote:

> I would tend to agree with Jeffery and Lee
> 
> Putting in baseline security from the outset would help protect the general
> user base as they move to IPv6.  From an operator's perspective, the average
> person has no idea how networks operate, how to secure them, and frankly
> doesn't care.  They expect things to work - i.e. Buy a PC, buy a home gateway,
> plug it in and go.  I wish this was not the case, but wishful thinking gets
> me nowhere.
> 

And that is exactly why all end-node OSes have been shipped with
firewalls in the last 5+ years, enabled by default.

That is exactly why smart mobile phones haven't been widely exploited
when they've been directly attached to the Internet. They're shipped
with firewalls, enabled by default.

Laptops are outselling desktops. Laptops can be and are directly attached
to foreign networks, including the Internet, without security
consideration.

People plug 3G dongles and similar straight into their laptops,
without any security consideration, and then straight into the Internet.

Put your hand up if you have a smart mobile phone. Now put it down if
you checked it had a firewall and it was enabled before you attached it
to a foreign untrusted network (like the IETF one). Hand still up?

The CPE/perimeter firewall model is based on an assumption of
constraints on mobility - your desktop PC stays on your desk, and stays
attached to the same home or work network. That assumption is
rapidly becoming less valid - people are going mobile, and therefore,
security models like the upstream CPE doing everything are becoming
both less valid and less reliable. Vendors have reacted by making the
devices themselves protect themselves. That trend is only going to
continue.


> I think that it's premature to assume the "home" network is ready for
> unrestricted connectivity.  The dynamics of the "home" networks are changing
> so fast, that the risks of this environment are not known.  Just because we
> have not seen IPv6 based penetration and attacks as we have in the IPv4
> space does not mean it won't happen (just give it time).  As an example, it
> took a while from the inception of mass broadband connectivity (90s-2000s)
> to finally see attackers lock on and begin to expose home environments based
> on "always" on connectivity. (in the early days, many did not have home
> firewalls or protective gateways)
> 
> Protecting the average person, with an option to "open" the cpe/gateway up
> after provides a much safer framework.  Someone who decides to "open" up the
> gateway after the fact would do so knowingly and be prepared (in theory) to
> protect their network (OS patching etc).
> 
> No one has robbed me in my current house, but that does not mean I will stop
> locking my door.  Sure they can come in through the window (which the few
> robberies in my area have been through) - but if I stop locking my door,
> they will come in that way (much easier).
> 
> Victor K
> 
> 
> On 23/03/10 8:48 AM, "Rémi Denis-Courmont" <remi@remlab.net> wrote:
> 
> > On Tuesday 23 March 2010 16:02:18 Lee Howard, you wrote:
> >> The simple-security draft represents the best practice we know of for
> >> securing home networks.  It describes the behavior that should be the
> >> default for all home networking gateways.  Advanced users who know what
> >> they're getting into can change those default rules.
> > 
> > I've kept saying the same thing for three years now. But anyway. This
> > assertion raises a much more systematic question:
> > 
> > What's the use of IPv6 (then)? IPv6 with a stateful firewall is essentially
> > just as bad as IPv4 with a NAT in terms of connectivity. Also IPv6 has
> > fundamentally higher overhead (both in terms of packet header size and of
> > router processing).
> > 
> > So the simple security draft seems highly paradoxical to me. A "solution"
> > would be to specify a functional hole punching mechanism. But that key part
> > is missing. I am not comfortable with having the simple security document
> > without a hole punching document too.
> > 
> > Some people will doubtless argue that there should not be a hole punching
> > mechanism. But then, I would like them to answer the question above...
> > (Standardization engineer job security is not a good reason for IPv6 to me)
> > 
> >> Some people argued that a stateful firewall is no longer needed because
> >> attackers no longer use vectors that a firewall protects against.  This
> >> sounds like circular reasoning to me, as if you no longer need a roof
> >> because rain hasn't fallen on your head  for years.
> > 
> > Do you take vaccinations for illnesses that don't exist anymore? Most people
> > don't even take vaccinations for some that do exist but not where they live.
> > 
> > Why would you protect IPv6 systems for old (now fixed) vulnerabilities in IPv4
> > systems?
> > 
> >> It was also argued that attacks of this kind simply don't exist in IPv6.
> > 
> > Which is true.
> > 
> >> That sounds like the argument that faults in the space shuttle o-ring
> >> haven't caused explosions before, so it's safe.
> > 
> > No. It's just an argument that operating systems have already been fixed
> > *before* they implemented IPv6. Common attack vectors are in different
> > (higher) parts of the software stack, against which stateful firewalls are
> > totally helpless.
> > 
> >> I'll also point out that
> >> OSes with smaller market share have fewer exploits written for them because
> >> they are a smaller target; as IPv6 exceeds 50%, there will be more attacks.
> > 
> > That is a severe misrepresentation of reality. You will find exploits written
> > for very obscure vulnerabilities. Of course, they are not commonly (mis)used,
> > but they are available.
> 
> 
>