On 11/15/11 09:15, William Herrin wrote:
On Mon, Nov 14, 2011 at 7:35 PM, Jeroen van Aart<jeroen@mompl.net> wrote:
William Herrin wrote:
If your machine is addressed with a globally routable IP, a trivial failure of your security apparatus leaves your machine addressable from any other host in the entire world which wishes to send it
Isn't that the case with IPv6? That the IP is addressable from any host in the entire (IPv6) world? And isn't that considered a good thing?
Hi Jeroen,
Yes, according to almost every application developer asked it's a good thing.
Me? I'm not so sure. Historically, enterprises moved away from global addressability even when IP addresses were free, *before* address scarcity became an issue. There's a lesson in there somewhere and I'm not convinced it's that "they were dumb."
And make no mistake: successful security is about layers, about DEPTH. You can seek layers from other sources but a shallow security process will tend to be easily breached.
Hi Bill:

I am not sure if the enterprises were dumb for doing private address space, but I have a few hints that they might have been. (E.g. there's a *lot* of RFC1918 space out there. Why does the overwhelming majority use 192.168.0.0/24 or 192.168.1.0/24 or 10.0.0.0/24?)

But what definitely *is* dumb are the following two axioms, at least one of which is expressed in the article:

1. You need NAT/private IP address space to have security.
2. Once you have NAT/private IP address space, you have security.

On the surface those axioms clearly violate your notion of security layers and they clearly violate common sense. Yet we find them lurking just beneath the surface, including in the debate about the utility of IPv6 ULAs, as well as in the article.

michael