Hello Victor!
Jan 25 23:46 2019, Victor Sudakov wrote to All:
VS> With the proliferation of IPv6 I hear more and more often that NAT is
VS> a great security mechanism because it hides your intranet
VS> infrastructure from outsiders,
There's a lot of misunderstanding of NAT and security. The typical case is that
NAT is done by a dedicated firewall or a router with firewall features, i.e.
the firewall/router does packet filtering and NAT. So a lot of people think
that NAT implies security, but it doesn't. NAT is exactly what the acronym
says: network address translation. A 1:1 NAT simply translates one address or
subnet to another. How could that provide any security? What you need is packet
filtering (plus proxies and so on).
VS> infrastructure from outsiders, and how unfit IPv6 is for enterprise
VS> networks because it lacks the notion of NAT which makes IPv6 networks
VS> so very very much insecure.
There's also NAT for IPv6. BTW, IPv6 has a nice feature called Privacy
Extensions to automatically change IP addresses regularly.
ciao,
Markus
---
* Origin: *** theca tabellaria *** (2:240/1661)
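
Added example, not part of the message above: a small Python model of the point that a 1:1 NAT only rewrites addresses, so an unsolicited inbound packet still reaches the inside host unless a packet filter drops it. The address ranges, ports and the names `nat_inbound`, `StatefulFilter` and `deliver_inbound` are constructed for illustration.

```python
import ipaddress

# Constructed example prefixes (documentation ranges), not from the message.
PUBLIC_NET = ipaddress.ip_network("203.0.113.0/24")
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")


def nat_inbound(public_dst):
    """1:1 NAT: rewrite a public destination to the same offset in the private net."""
    dst = ipaddress.ip_address(public_dst)
    if dst not in PUBLIC_NET:
        return None  # not one of our translated addresses
    offset = int(dst) - int(PUBLIC_NET.network_address)
    return str(PRIVATE_NET.network_address + offset)


class StatefulFilter:
    """Minimal stateful packet filter: inbound is allowed only as a reply
    to a flow that an inside host opened first."""

    def __init__(self):
        self.flows = set()

    def note_outbound(self, src, sport, dst, dport):
        # Remember the reverse 4-tuple that a legitimate reply will carry.
        self.flows.add((dst, dport, src, sport))

    def allow_inbound(self, src, sport, dst, dport):
        return (src, sport, dst, dport) in self.flows


def deliver_inbound(packet, packet_filter=None):
    """Return the inside address the packet reaches, or None if it is dropped."""
    src, sport, dst, dport = packet
    if packet_filter is not None and not packet_filter.allow_inbound(src, sport, dst, dport):
        return None
    return nat_inbound(dst)


if __name__ == "__main__":
    unsolicited = ("198.51.100.7", 40000, "203.0.113.25", 22)
    print("NAT only:        ", deliver_inbound(unsolicited))
    fw = StatefulFilter()
    print("NAT + filter:    ", deliver_inbound(unsolicited, fw))
    fw.note_outbound("203.0.113.25", 51000, "198.51.100.7", 443)
    reply = ("198.51.100.7", 443, "203.0.113.25", 51000)
    print("reply to inside: ", deliver_inbound(reply, fw))
```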