On Mon, 2011-09-12 at 13:41 +1200, Donald Clark wrote:
All
In the piece of work I'm doing for the IPv6 TaskForce, a recurrent theme has been problems around firewalling / security in general with IPv6. This has raised its head in three variations:
1 - my kit doesn't support it / well 2 - I don't know what v6 policies to turn on, or off / how should I setup rules by range 3 - we don't have any v6 rules (but it may be turned on by default)
Does anyone have any examples of attacks, exposures, policy challenges around v6?
A classic example I saw was a bunch of folk from some government department showing up at an IPv6 conference in Canberra a few years ago and being told the wireless was IPv6 enabled they hooked up and said "we don't need to worry about this, we just VPN back to the office and our security policy insists that all web browsing happens across the VPN" then they clicked on a link to an IPv6-only website and promptly discovered all of their security was being bypassed, if the website was available on IPv6. Whoops. They promptly started paying a lot more attention to the conference, and thinking a lot harder about why they needed security policy around IPv6. I wouldn't be surprised to discover this to be a reasonably common issue for medium-sizeor larger organisations who think "we can ignore IPv6 for now, because we don't need or use it". Cheers, Andrew. -- ------------------------------------------------------------------------ andrew (AT) morphoss (DOT) com +64(272)DEBIAN The only thing worse than X Windows: (X Windows) - X ------------------------------------------------------------------------