[ipv6hackers] IPv6 security (slides and training)

Scott Weeks surfer at mauigateway.com
Sat Nov 12 22:42:24 CET 2011

--- owend at he.net wrote:
From: Owen DeLong <owend at he.net>

My best guesses in no particular order, but, based on the feedback I receive
from many of these organizations when I talk to them at a variety of trade shows
and conferences:

1.	Inertia
2.	Fear of the unknown (We don't know IPv6. IPv4 NAT is familiar. The
	devil we know...)
3.	Misunderstandings
	a.	"There is no multihoming solution in IPv6"
	b.	"The lack of NAT in IPv6 makes it fundamentally insecure"
	c.	"We could never implement a protocol without address obfuscation"
	d.	"PCI requires us to use NAT" (There is actually a proviso in PCI
		for equivalent compensating controls).
4.	They went to someone's IPv6 security lecture and came away with
	the sound bite "Don't deploy IPv6 on any production network unless
	you absolutely have to."

I'm sure these are just a few of the reasons. Notice that most of them can
be solved primarily by education which is why I spend most of my time

You forgot control-freak managers who say show me the business case for IPv6 or it's a no-go project.  That's one of the reasons I left my last position at the ILEC here in Hawaii.  I doubt my experiences are unusual, so the training about the reasons for moving to IPv6 has to get out to pointy-haired folks.



More information about the Ipv6hackers mailing list