Dear All,
With the proliferation of IPv6 I hear more and more often that NAT is a great
security mechanism because it hides your intranet infrastructure from
outsiders, and how unfit IPv6 is for enterprise networks because it lacks the
notion of NAT which makes IPv6 networks so very very much insecure.
Do you have good conter-arguments?
Indeed, in some corporate networks I've seen, the use of the RFC1918 address
space is written into security guidelines as a requirement.
Then again, as I come to think of it, even if your IPv6 intranet has a good
firewall on the border, your internal network addresses are still exposed to
the Internet. Is that a problem?
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20160322-b20160322
* Origin: Ulthar (2:5005/49)
|