Re: simple security

[Philip Homburg <pch-v6ops@u-1.phicoh.com>]

Wed, 24 Mar 2010 12:15:49 +0100 Mark Townsley wrote:
>Yes, I know there are still OSes that will be compromised in a matter of 
>seconds on the open Internet. These, however, do not run IPv6. With 
>IPv6, we are really talking about Vista, Win 7, linux, and macosx. All 
>ship with IPv6 firewalls (except linux I suppose), and far more secure 
>IP stacks vs. that of ten years ago. All have tethers back home for 
>updates, in the event that a new exploit is found. These firewalls are 
>far more adaptive and secure than the "IPv6 simple-security" firewall.

I think it is ironic that in one thread we are discussing devices that are
so resource constrained that they can't even afford to implement DHCPv6,
and have to rely on RFC-5006 to get the locations of DNS servers. And in
the next thread it is assumed that all devices have stateful firewalls and
automatically update themselves whenever a new bug is discovered.

Somehow that doesn't seem to add up.

Is it really that case that all that will be connected to the IPv6 internet
are Windows, Linux, and MacOS systems? No printers, no multi-media devices,
no light switches or other home automation systems? Or is every light switch
expected to come with it's own host-based firewall solution?