TIP: Click on subject to list as thread! ANSI
echo: ipv6
to: Victor Sudakov
from: Markus Reschke
date: 2019-01-26 12:12:00
subject: NAT

Hello Victor!

Jan 25 23:46 2019, Victor Sudakov wrote to All:

 VS> With the proliferation of IPv6 I hear more and more often that NAT is 
 VS> a great security mechanism because it hides your intranet 
 VS> infrastructure from outsiders,

There's a lot of misunderstanding of NAT and security. The typical case is that 
NAT is done by a dedicated firewall or a router with firewall features, i.e. 
the firewall/router does packet filtering and NAT. So a lot of people think 
that NAT implies security, but it doesn't. NAT is exactly what the acronym 
says: network address translation. An 1:1 NAT simply translates one address or 
subnet to another. How could that provide any security? What you need is packet 
filtering (plus proxies and so on). 

 VS> infrastructure from outsiders, and how unfit IPv6 is for enterprise       
 VS> networks because it lacks the notion of NAT which makes IPv6 networks     
 VS> so very very much insecure.

There's also NAT for IPv6. BTW, IPv6 has a nice feature called Privacy 
Extensions to automatically change IP addresses regularly. 

ciao,
Markus

--- 
     
* Origin: *** theca tabellaria *** (2:240/1661)

SOURCE: echomail via QWK@pharcyde.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.