On Sun, Mar 23, 2014 at 11:27 AM, Philip Dorr <tagno25@gmail.com> wrote:
On Mar 23, 2014 1:11 PM, "Mark Tinka" <mark.tinka@seacom.mu> wrote:
On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
I was at work last week and because I have IPv6 at both ends I could just log into the machines at home as easily as if I was there. When I'm stuck using a IPv4 only service on the road I have to jump through lots of hoops to reach the internal machines.
I expect this to change little in the enterprise space. I think use of ULA and NAT66 will be one of the things enterprises will push for, because how can a printer have a public IPv6 address that is reachable directly from the Internet, despite the fact that there is a properly configured firewall at the perimetre offering half-decent protection?
That is what a firewall is for. Drop new inbound connections, allow related, and allow outbound. Then you allow specific IP/ports to have inbound traffic. You may also only allow outbound traffic for specific ports, or from your proxy.
i would say the more appropriate place for this policy is the printer, not a firewall. For example, maybe a printer should only be ULA or LLA by default. i would hate for people to think that a middle box is required, when the best place to provide security is in the host. Other layers are needed as required, but it is sad that we don't look to the host it self as a first step. CB