-=> On 01-25-19 23:46, Victor Sudakov wrote to All <=-

 VS> Dear All,

 VS> With the proliferation of IPv6 I hear more and more often that NAT is a
 VS> great security mechanism because it hides your intranet infrastructure
 VS> from outsiders, and how unfit IPv6 is for enterprise networks because
 VS> it lacks the notion of NAT which makes IPv6 networks so very very much
 VS> insecure.

 VS> Do you have good conter-arguments?

NAT was never intended as a security mechanism, and it does nothing more than a
goof packet filter could do.

 VS> Indeed, in some corporate networks I've seen, the use of the RFC1918
 VS> address space is written into security guidelines as a requirement.

 VS> Then again, as I come to think of it, even if your IPv6 intranet has a
 VS> good firewall on the border, your internal network addresses are still
 VS> exposed to the Internet. Is that a problem?

If your firewall is blocking traffic, you can hardly say you're exposed.

NAT still creates a lot of problems, ask anyone who'd wrestled with port
forwarding, to try and get services opened to the Internet.


... Each experiment, success or failure, is a learning experience.
=== MultiMail/Win v0.51
--- SBBSecho 3.03-Linux