[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

misunderstanding scale

Subject: misunderstanding scale
From: jgreco at ns.sol.net (Joe Greco)
Date: Mon, 24 Mar 2014 08:25:42 -0500 (CDT)
In-reply-to: <CAP-guGVfNySCSuw-59kuGWe=eJxKTqo5bySttDaftQa7vA6V0g@mail.gmail.com>

> Hi Mike,
> 
> You can either press the big red button and fire the nukes or you
> can't, so what difference how many layers of security are involved
> with the "Football?"
> 
> I say this with the utmost respect, but you must understand the
> principle of defense in depth in order to make competent security
> decisions for your organization. Smart people disagree on the details
> but the principle is not only iron clad, it applies to all forms of
> security, not just IP network security.

The problem here is that what's actually going on is that you're now
enshrining as a "security" device a hacky, ill-conceived workaround
for a lack of flexibility/space/etc in IPv4.  NAT was not designed
to act as a security feature.

If you want more layers of security, put a second firewall into your
design.  Don't perpetuate horrid IPv4 hacks that were necessary for
specific reasons into IPv6 where those hacks are no longer needed.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

Follow-Ups:
- misunderstanding scale
  - From: bill at herrin.us (William Herrin)
- misunderstanding scale
  - From: tmorizot at gmail.com (Timothy Morizot)

References:
- misunderstanding scale
  - From: bill at herrin.us (William Herrin)

Prev by Date: tools similar to stat.ripe.net?
Next by Date: misunderstanding scale
Previous by thread: misunderstanding scale
Next by thread: misunderstanding scale
Index(es):
- Date
- Thread