ipv6 question!

Karl Auer kauer at biplane.com.au
Sun May 31 22:59:56 UTC 2009


On Sun, 2009-05-31 at 17:45 -0500, Steven Susbauer wrote:
> There is nothing wrong with having a globally routable IP address, and
> you can still use just one router to connect to the internet, you just
> have to make sure you have a good stateful firewall in between the
> internet connection and the computers.

You don't need a good stateful firewall in ANY network, it's just that
this has become the accepted wisdom over time. Having local filters on
each host will do the job just as well, and will continue to do the job
even against other local machines - which are far more likely to be the
source of any actual attack. A border firewall is a good idea, but not
essential, especially in small networks.

> NAT is "more secure",
> but it is not designed as a security feature.

You've pressed my button with that statement :-)

The idea that NAT is "more secure" is the result of years of good
marketing by vendors who were trying to make a very bad thing (total
loss of end-to-end transparency for a start) look more palatable. Any
security benefit NAT has is massively overshadowed by its disadvantages,
and can be provided by the simplest of filters.

Regards, K.
 
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
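
The "simplest of filters" point above, as an added example that is not part of the original message: a host-local stateful ruleset that drops unsolicited inbound traffic and accepts replies to connections the host itself opened, which is the filtering behaviour usually credited to NAT. The choice of nftables and the contents of the ruleset are assumptions; the thread names no specific firewall tool.

```nftables
#!/usr/sbin/nft -f
# Constructed example: host-local stateful filter covering IPv4 and IPv6.
# Note: "flush ruleset" removes every existing table before loading this one.
flush ruleset

table inet filter {
    chain input {
        # Default-deny: anything not matched below is dropped.
        type filter hook input priority 0; policy drop;

        # Loopback traffic is always allowed.
        iif "lo" accept

        # Replies to connections this host initiated. This gives a globally
        # routable host the "nothing unsolicited gets in" property.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 that IPv6 cannot work without: error reporting, path MTU
        # discovery, router advertisements and neighbour discovery.
        meta l4proto ipv6-icmp icmpv6 type {
            destination-unreachable, packet-too-big, time-exceeded,
            parameter-problem, nd-router-advert,
            nd-neighbor-solicit, nd-neighbor-advert
        } accept

        # Equivalent ICMPv4 error messages.
        meta l4proto icmp icmp type {
            destination-unreachable, time-exceeded, parameter-problem
        } accept

        # Services this host deliberately offers would be listed here,
        # for example: tcp dport 22 accept
    }

    chain forward {
        # An end host does not route traffic for others.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound connections are unrestricted in this minimal policy.
        type filter hook output priority 0; policy accept;
    }
}
```

Because the rules run on the host itself, they apply equally to traffic from other machines on the same LAN, which a border device never sees.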