= Сообщение: 5814 из 7402 ============================================= IPV6 = От : Tony Langdon 3:633/410 26 Jan 19 20:29:00 Кому : Victor Sudakov 26 Jan 19 20:29:00 Тема : Re: NAT FGHI : area://IPV6?msgid=959.fido-ipv6@3:633/410+20b1652c На : area://IPV6?msgid=2:5005/49+5c4b3f09 = Кодировка сообщения определена как: ASCII ================================== Ответ: area://IPV6?msgid=2:5005/49+5c4c6f84 ============================================================================== -=> On 01-25-19 23:46, Victor Sudakov wrote to All <=-
VS> Dear All,
VS> With the proliferation of IPv6 I hear more and more often that NAT is a VS> great security mechanism because it hides your intranet infrastructure VS> from outsiders, and how unfit IPv6 is for enterprise networks because VS> it lacks the notion of NAT which makes IPv6 networks so very very much VS> insecure.
VS> Do you have good conter-arguments?
NAT was never intended as a security mechanism, and it does nothing more than a goof packet filter could do.
VS> Indeed, in some corporate networks I've seen, the use of the RFC1918 VS> address space is written into security guidelines as a requirement.
VS> Then again, as I come to think of it, even if your IPv6 intranet has a VS> good firewall on the border, your internal network addresses are still VS> exposed to the Internet. Is that a problem?
If your firewall is blocking traffic, you can hardly say you're exposed.
NAT still creates a lot of problems, ask anyone who'd wrestled with port forwarding, to try and get services opened to the Internet.
... Each experiment, success or failure, is a learning experience. === MultiMail/Win v0.51 --- SBBSecho 3.03-Linux * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)