IPv6 when?
It may be a little off-topic, but comments about the workings of IPV6 are not trolling.
e.g. http://www.theregister.co.uk/2010/08/06/ipv6_security_nightmare/
e.g. http://www.theregister.co.uk/2010/08/06/ipv6_security_nightmare/
Quote The internet's next-generation addressing scheme is so radically different from the current one that its adoption is likely to cause severe security headaches for those who adopt it, a researcher said last week.
With reserves of older addresses almost exhausted, the roll-out of the new scheme — known as IPv6 or Internet Protocol version 6 — is imminent. And yet, the radical overhaul still isn't ready for prime time — in large part because IT professionals haven't worked out a large number of security threats facing those who rely on it to route traffic over the net.
“It is extremely important for hackers to get in here fast because IPv6 is a security nightmare,” Sam Bowne, an instructor in the Computer Networking and Information Technology Department at the City College of San Francisco, said on day one of the Defcon hacker conference in Las Vegas. “We're coming into a time of crisis and no one is ready.”
Chief among the threats is the issue of incompatible firewalls, intrusion-prevention devices, and other security appliances, Bowne said. That means many people who deploy IPv6 are forced to turn the security devices off, creating a dangerous environment that could make it easier for attackers to penetrate network fortresses.
What's more, internet addresses that use the new protocol by default contain a 64-bit string that's generated by a computer's MAC, or Media Access Control, address. The use of the so-called extended unique identifier means that people who want to remain anonymous online will have to take precautions that aren't necessary under today's IPv4 system.
“It means that everything you send or receive is labeled with your real MAC address and therefore if you were to do something naughty, like download copyrighted material, they would know who you are much better than they do if all they have is an IP version 4 address,” Bowne said.
Quote from: markg140 ... we still haven't even started discussing the move to IPv6 bit atrocious really.
I'm in much the same boat at work, so I'm learning on my own. In particular, I want to be in a position to know what I'm doing (as much as any of us do ???) if one day the boss reads something about IPv6 and suddenly decides it would be a good thing for us to support it fully, right now, not this afternoon, before lunch - I think you get the idea
Not that I'm saying he has even the slightest resemblance to Dilbert's PHB 
Quote from: MJN For example, even if both sides can agree that there are some security benefits from NAT then whilst the proponent takes this to mean NAT is a good thing the opponent does not because of the negative consequences that NAT introduces. So, both sides are 'right' from their own perspectives but agreement is still not reached.
Indeed, and what those proponents of NAT usually fail to recognise is that there is nothing that NAT gives you, security wise, that can't be done with a decent firewall. I do agree that the default for a self-assigned IPv6 address to include your MAC is a bit of an issue privacy wise, but this can be changed IF you know about it and know how to do it.
Can I just say that NAT in a home environment, particularly with a non-tech aware user is something of a security feature.
Obviously in a enterprise environment, it's probably just a pain - since there will be proper firewalls in place anyway.
I'll leave it there (unless anyone violently disagrees).
Obviously in a enterprise environment, it's probably just a pain - since there will be proper firewalls in place anyway.
I'll leave it there (unless anyone violently disagrees).
Internally, we're totally IPV6 and IPV4 dual-stack, which is lovely (and didn't actually take very long with most modern OSes supporting IPV6 in some fashion out of the box)
Our internet gateway is IPV6 enabled
Our ISP is IPV6 enabled
However..... the connection equipment our ISP supply us with (it's more custom VDSL kit) is NOT IPV6 enabled, and they have no eta on IPV6 replacement hardware yet
Still, gives me a chance to play around with IPV6 and learn some of it's shortcomings. One of them being IP addresses that are too damn long!
Our internet gateway is IPV6 enabled
Our ISP is IPV6 enabled
However..... the connection equipment our ISP supply us with (it's more custom VDSL kit) is NOT IPV6 enabled, and they have no eta on IPV6 replacement hardware yet
Still, gives me a chance to play around with IPV6 and learn some of it's shortcomings. One of them being IP addresses that are too damn long!
Quote from: A Can I just say that NAT in a home environment, particularly with a non-tech aware user is something of a security feature.
Obviously in a enterprise environment, it's probably just a pain - since there will be proper firewalls in place anyway.
I'll leave it there (unless anyone violently disagrees).
I think that's a fair point to settle on, and indeed a commendable stance to take particularly in comparison to how the NAT debate usually ends (and by 'ends' I mean both sides getting bored rather than reaching any sort of agreement!).
Mathew
I am ready for the trial 
Quote from: petertaylor I presume this would still allow me to still be on the ipv6 trial?
As long as you can configure it ok, that should be fine.
Jojo