[GTALUG] Linux hardening question

Daniel Villarreal youcanlinux at gmail.com
Fri Jun 30 11:36:40 EDT 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mr. Mohammed,

Thanks for sharing your thoughts.

At no time did you ever state that you refused to use IPv6. You
actually stated that you do, in fact, use IPv6. Neither did you ever
state that IPv4 is "good enough."

Aside from IPv4 vs IPv6, do you have any suggestions for hardening a
Linux system?

kind regards,
Daniel Villarreal
PGP key 2F6E 0DC3 85E2 5EC0 DA03  3F5B F251 8938 A83E 7B49

On 06/29/2017 06:18 PM, Ansar Mohammed via talk wrote:
> Again, please follow the thread, this is not about competency or 
> capability on IPv6.
> 
> This is a simple question on hardening a Linux system. My entire
> network runs IPv6 also. But my home systems do not need to be
> hardened.
> 
> There have been many IPv6 only bugs and exploits including last
> years IPv6 ping of death on Cisco. 
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-20160525-ipv6
>
>  The stack simply isn't as battle tested as IPv4.
> 
> Oh, and that growing portion of the internet that's IPv6 only is 
> primarily China.
> 
> What's your business reason for the additional risk of IPv6?
> 
> Does your application support IPv6?
> 
> Has your application been tested with IPv6?
> 
> Do you have users that are IPv6 only?
> 
> If you don't need it on a hardened system, you are just adding
> another attack vector for no good reason.
...


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEzBAEBCAAdBQJZVnAAFhx5b3VjYW5saW51eEBnbWFpbC5jb20ACgkQ8lGJOKg+
e0kIaAf/Yw4QQQweyh0NEX2oro/YrvsDZU3r8zPKL/NXc42w38Q9imJr6J6Ue+Si
6jQ5hZRO0O29Q6Z0DcA1nAg+jOhVBl+cK+TF4RVlxDvAIM55WtwuouQaT5TZwXb/
PRLkR6ZzNnmiIb37jbe0hZSK9CYmI/0wPwyCB5JmrlUNanMA93i4AjBBgKKD24qm
w0ph6SPscSv44BkynkOS8Qf5yMZsGt8JjOs19HvJ5AlwUx67aLHIrBvF8SWKw2/W
22Md8cey26LdxChdXR1L7pDCyjxw/OBtTX0Q78ypxucYi7zqx3CVP8HIGO1dZX1T
Othjz6Gq6UE6nYRIJupcfAA295nbPg==
=lWC7
-----END PGP SIGNATURE-----


More information about the talk mailing list