Tim,
I agree with you on v6 having a better security model compared to v4.
However,
better security != all security.
You may realize that some attacks are harder to run against a v6 than
a v4 AND yet crafting others against v6 are way simpler.
Take a look at this doc from Cisco for details:
http://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=1sbmIPwuO90I_IcbMbVNkZH5X8PzyS9_5Xc5sBkiunvs5iVOmLIDStX5IygFf&hl=en_US&authkey=CJuA14UP
And don't forget that v6 is a relatively newer concept than v4, to the
average IT guy down the street. Meaning; misconfiguration, not so easy
solutions to old problems (e.g UCE <there are less blacklists for v6
than v4>, DDoS <this is a little harder to mitigate in v6 than in v4,
esp. when we have tunneling in place to randomize a server's IP> )
etc.
A ton of things could go "bad".... you know!
>> We could share some knowledge on new v6 technologies like MT6D, the security
>> risks associated with v6 and their practical migitations.
>IPv6 was designed to be more secure than 4v (IPSec baked in).
--
Cheers,
--
- Phillip.
“To do a common thing uncommonly well brings success.”
_______________________________________________
The Uganda Linux User Group: http://linux.or.ug
Send messages to this mailing list by addressing e-mails to: [email protected]
Mailing list archives: http://www.mail-archive.com/[email protected]/
Mailing list settings: http://kym.net/mailman/listinfo/lug
To unsubscribe: http://kym.net/mailman/options/lug
The Uganda LUG mailing list is generously hosted by INFOCOM:
http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including
attachments if any). The mailing list host is not responsible for them in any
way.
