[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple security

To: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
Subject: Re: simple security
From: Mark Townsley <townsley@cisco.com>
Date: Wed, 24 Mar 2010 13:57:34 +0100
Cc: Lee Howard <lee@asgard.org>, v6ops@ops.ietf.org
In-reply-to: <20100324230811.66dd9622@opy.nosense.org>
References: <001501caca91$769511b0$63bf3510$@org> <4BA9F465.8060608@cisco.com> <20100324230811.66dd9622@opy.nosense.org>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3

On 3/24/10 1:38 PM, Mark Smith wrote:

On Wed, 24 Mar 2010 12:15:49 +0100
Mark Townsley<townsley@cisco.com>  wrote:

On 3/23/10 3:02 PM, Lee Howard wrote:

The simple-security draft represents the best practice we know of for
securing home networks.

It's not a best-practice, it's a best-guess.

Simple-security is being not being practiced at all on the vast majority
of IPv6 residential connections today.

Is that really the case? What is the current situation with IPv6
firewalls on mainstream OSes like OS X and Vista/Windows 7?

By "simple-security" I was referring to the draft's scope, which is forresidential gateways.

This Linux desktop is directly attached to the Internet, and I've been
running an IPv6 firewall on it for about 3 or 4 years. The initial
Linux implementation was a basic packet filter, however it became
stateful at least 18 months to 2 years ago.

Fully agree that most IPv6-enabled hosts are either running with somesort of firewall either enabled or at least available.


- Mark

References:
- simple security
  - From: "Lee Howard" <lee@asgard.org>
- Re: simple security
  - From: Mark Townsley <townsley@cisco.com>
- Re: simple security
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>

Prev by Date: Re: simple security
Next by Date: Re: simple security
Previous by thread: Re: simple security
Next by thread: Re: simple security
Index(es):
- Date
- Thread