= Сообщение: 5815 из 7402 ============================================= IPV6 = От : Markus Reschke 2:240/1661 26 Jan 19 12:12:38 Кому : Victor Sudakov 26 Jan 19 12:12:38 Тема : NAT FGHI : area://IPV6?msgid=2:240/1661+5c4220cb На : area://IPV6?msgid=2:5005/49+5c4b3f09 = Кодировка сообщения определена как: LATIN1 ================================= Ответ: area://IPV6?msgid=2:5005/49+5c4c7389 ============================================================================== Hello Victor!
Jan 25 23:46 2019, Victor Sudakov wrote to All:
VS> With the proliferation of IPv6 I hear more and more often that NAT is VS> a great security mechanism because it hides your intranet VS> infrastructure from outsiders,
There's a lot of misunderstanding of NAT and security. The typical case is that NAT is done by a dedicated firewall or a router with firewall features, i.e. the firewall/router does packet filtering and NAT. So a lot of people think that NAT implies security, but it doesn't. NAT is exactly what the acronym says: network address translation. An 1:1 NAT simply translates one address or subnet to another. How could that provide any security? What you need is packet filtering (plus proxies and so on).
VS> infrastructure from outsiders, and how unfit IPv6 is for enterprise VS> networks because it lacks the notion of NAT which makes IPv6 networks VS> so very very much insecure.
There's also NAT for IPv6. BTW, IPv6 has a nice feature called Privacy Extensions to automatically change IP addresses regularly.