[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple security

To: Mark Townsley <townsley@cisco.com>
Subject: Re: simple security
From: Yannis Nikolopoulos <yanodd@otenet.gr>
Date: Wed, 24 Mar 2010 14:23:18 +0200
Cc: Lee Howard <lee@asgard.org>, v6ops@ops.ietf.org
In-reply-to: <4BA9F465.8060608@cisco.com>
Mail-followup-to: Mark Townsley <townsley@cisco.com>, Lee Howard <lee@asgard.org>, v6ops@ops.ietf.org
References: <001501caca91$769511b0$63bf3510$@org> <4BA9F465.8060608@cisco.com>
User-agent: Mutt/1.5.18 (2008-05-17)

On Wed, Mar 24, 2010 at 12:15:49PM +0100, Mark Townsley wrote:
>
> Yes, I know there are still OSes that will be compromised in a matter of  
> seconds on the open Internet. These, however, do not run IPv6. With  
> IPv6, we are really talking about Vista, Win 7, linux, and macosx. All  
> ship with IPv6 firewalls (except linux I suppose)

what about ip6tables?

Other than that, I think that the paragraph below sums up my feelings
for the matter

> "simple-security" is "simple-minded". It is based on a security-model  
> that is rapidly becoming obsolete, and comes at the cost of complexity  
> in both the RG, the host, and the applications that have to try and work  
> despite all the various rules for having their packets dropped.
>
> - Mark

Yannis

References:
- simple security
  - From: "Lee Howard" <lee@asgard.org>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>

Prev by Date: Re: simple security
Next by Date: Re: simple security
Previous by thread: Re: simple security
Next by thread: Re: simple security
Index(es):
- Date
- Thread