RE: Security over IPv6 networks
Hi,
Remember that NAT was not to designed for security.......
In IPv6, you can protect your LAN with a IPv6-firewall......like linux :)
Of course, in the first steps of ipv6, we should make as special effort on security issues.... but, is secure ipv4 right now?? ;)
Javier.
-----Mensaje original-----
De: BEGIN, Thomas [mailto:tbegin@tf1.fr]
Enviado el: miércoles, 12 de marzo de 2003 17:12
Para: debian-ipv6@lists.debian.org
Asunto: Security over IPv6 networks
Hello,
Security... that's a core problem for a lot of engineers !
With IPv4, a lot of enterprises networks were set up with private addresses (eg 10.x.x.x ). That implies that computers inside the network are unreachable from outside (eg Internet).
Since IPv6 offers a large scale of addresses, I've heard that companies could address their machines with global unicast addresses (public addresses) and also benefit fully from IPsec and peer to peer applications.
That's nice and it is said that it should improve security (IPsec totally used from sender to receiver).
But in the other hand, isn't it dangerous to address machines with global unicast address and thus make them reachable directly from anywhere and by anybody... Besides NAT is often acknowledged as a good shield to secure networks.
Then is it really possible to protect IPv6 networks (with global unicast addresses) as safe as Ipv4 networks using NAT ?
I realize this is a big topic and may be there is no easy response but getting a high performance security is a fundamental factor for the deployement of IPv6.
But if you have any idea (know enterprises that use public addresses for their network) please let me know ...
-Thomas
PS: using site local addresses inside IPv6 networks doesn't solve the problem ... ;-))
--
To UNSUBSCRIBE, email to debian-ipv6-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: