On Mon, Mar 24, 2014 at 8:31 AM, Joe Greco <jgreco@ns.sol.net> wrote:
all successful security is about _defense in depth_. If it is inaccessible, unrouted, unroutable and unaddressable then you have four layers of security. If it is merely inaccessible and unrouted you have two.
Time to give up two layers of meaningless security for the riches offered by the vastness of the new address space.
Hi Joe,
You'd expect folks to give up two layers of security at exactly the same time as they're absorbing a new network protocol with which they're yet unskilled? Does that make sense to you from a risk-management standpoint?
Actually, yes, it does. Using the product as intended is substantially less risky than trying to figure out how to use some sort of proxy or gateway functionality to emulate NAT, and then screwing that up. If you're afraid that you're insufficiently competent, help for hire is available, as are two levels of firewalling, which isn't really a bad idea anyways. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.