[GTALUG] Linux hardening question

[James Knott]

On 06/30/2017 08:45 AM, Russell wrote:
> "If you fail to plan, you are planning to fail!"
>
> This is the sort of reasoning which provided for IPV6's creation in the first place. The internet is running out of address space. Any networked system, currently hardened or otherwise, has to take the future into account when planning for the present.

According to Vint Cerf, IPv4 was never intended to be released as a
public system.  It was intended to demonstrate the concepts, and the
"official" version would have a much larger address space.

> The only real qustion is how long will it be before you must enable IPV6 or be shut out of maintream knowledge, interests or economies?

That's already happening in some parts of the world.
>
> Competent or not we will all face up to this, some sooner than others.

I'm the kind of person who always has to learn.  I first read about IPv6
in the April 1995 issue of Byte magazine (I still have that issue on my
shelf, along with every other paper issue of Byte, going back to Vol 1
#1, Sept 1975).

When I decided it was time to start working with IPv6, I used a 6in4
tunnel, back in May 2010.  Also, I spend a lot of time with Wireshark,
looking at what's on the wire, to fully understand the various protocols.

I can also recommend the "IPv6 Essentials" book, from O'Reilly as an
excellent reference.

I have no use for those who insist IPv4 is good enough, when it hasn't
been since the day it became necessary to use NAT.  It also has other
flaws that have been addressed in IPv6.  So, anyone who's in the
business, but not willing to work with IPv6, should start looking for
another job.  They'll soon be obsolete.