[GTALUG] Linux hardening question

Ansar Mohammed ansarm at gmail.com
Thu Jun 29 17:14:48 EDT 2017


It's not a matter of being afraid of anything. Security 101 tells you to
reduce your attack surface area.
I would not increase my attack surface area just for the sake of being an
early adopter of IPv6.

To be clear, the conversation is about hardening. This is the right thing to
do.


On Thu, Jun 29, 2017 at 5:05 PM James Knott via talk <talk at gtalug.org>
wrote:

> On 06/29/2017 04:06 PM, Ansar Mohammed wrote:
> > Not really. We have a 12% adoption of IPv6 in Canada.
>
> And growing.  Rogers started offering IPv6 a bit over a year ago.  It's
> now available to every cable and cell customer (some cable customers may
> need a new modem).  Telus has also had it for a while, along with
> Teksavvy over ADSL.  There are other Canadian companies that are
> offering it, though Bell seems to be stuck.  There are simply not enough
> IPv4 addresses to go around and there haven't been for quite some time.
> Some carriers are providing IPv4 only via carrier grade NAT, which means
> you can pretty well forget about accessing your own network.  Also, IPv6
> brings with it some security features.  For example, IPsec was
> originally designed for IPv6 and then added to IPv4.  IPv6 can also use
> something called "privacy addresses", where a random number is used to
> form part of your address.  These addresses change frequently, so it
> would be difficult to attack them.  There are other security benefits to
> IPv6 that are not available in IPv4.
>
> Like it or not, IPv6 is coming.  Better get used to it.
>
> I've been running IPv6 for over 7 years and have been using that time to
> learn about it.  As for address space, the smallest amount an ISP is
> supposed to provide is a /64 prefix.  That leaves the customer with 2^64
> addresses.  I have a /56 prefix from Rogers, which gives me 2^72
> addresses or 256 /64s.
>
> Now, given that other than the address space, IPv6 is pretty much the
> same as IPv4, what are you afraid of?