[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: simple security
On Wed, 24 Mar 2010 14:25:12 +0100
Philip Homburg <pch-v6ops@u-1.phicoh.com> wrote:
> Wed, 24 Mar 2010 12:15:49 +0100 Mark Townsley wrote:
> >Yes, I know there are still OSes that will be compromised in a matter of
> >seconds on the open Internet. These, however, do not run IPv6. With
> >IPv6, we are really talking about Vista, Win 7, linux, and macosx. All
> >ship with IPv6 firewalls (except linux I suppose), and far more secure
> >IP stacks vs. that of ten years ago. All have tethers back home for
> >updates, in the event that a new exploit is found. These firewalls are
> >far more adaptive and secure than the "IPv6 simple-security" firewall.
>
> I think it is ironic that in one thread we are discussing devices that are
> so resource constrained that they can't even afford to implement DHCPv6,
> and have to rely on RFC-5006 to get the locations of DNS servers. And in
> the next thread it is assumed that all devices have stateful firewalls and
> automatically update themselves whenever a new bug is discovered.
>
> Somehow that doesn't seem to add up.
>
> Is it really that case that all that will be connected to the IPv6 internet
> are Windows, Linux, and MacOS systems? No printers, no multi-media devices,
> no light switches or other home automation systems? Or is every light switch
> expected to come with it's own host-based firewall solution?
>
>
A host based firewall can be a simple as a packet filter. For embedded
devices, an extremely simple yet fairly effective firewall would be to
only accept traffic from ULA source addresses.
>