[GTALUG] Linux hardening question
James Knott
james.knott at rogers.com
Thu Jun 29 17:36:06 EDT 2017
On 06/29/2017 05:14 PM, Ansar Mohammed wrote:
> It's not a matter of being afraid of anything. Security 101 tells you
> to reduce your attack surface area.
> I would not increase my attack surface area just for the sake of being
> an early adopter of IPv6.
>
> To be clear the conversation is about hardening. This is the right
> thing to do.
>
Then you'll be hardening yourself out of a growing portion of the
Internet. I use a browser addon called "ShowIP" which displays the web
site IP address. I can see a significant part of the sites I go to are
now IPv6. Also, if you don't know how to set up a firewall on IPv6, you
really can't consider yourself capable of hardening anything. Fore
example, consider setting up a firewall. On Cisco gear, unless you
filter on address, you IPv4 and IPv6 rules are identical. On other
firewalls, such as pfSense, you can do both IPv4 & IPv6 with one rule.
You can also have separate rules if needed, your choice. Also, if
you're not competent with IPv6, you'll never get some certifications
such as CCNA etc. They require you to know IPv6.
BTW, here's the IPv6 address for gtalug.org:
2600:3c03::f03c:91ff:fe50:ea0a
More information about the talk
mailing list