[ipv6hackers] IPv6 security (slides and training)
owend at he.net
Sun Nov 13 09:03:20 CET 2011
On Nov 12, 2011, at 1:42 PM, Scott Weeks wrote:
> --- owend at he.net wrote:
> From: Owen DeLong <owend at he.net>
> My best guesses in no particular order, but, based on the feedback I receive
> from many of these organizations when I talk to them at a variety of trade shows
> and conferences:
> 1. Inertia
> 2. Fear of the unknown (We don't know IPv6. IPv4 NAT is familiar. The
> devil we know...)
> 3. Misunderstandings
> a. "There is no multihoming solution in IPv6"
> b. "The lack of NAT in IPv6 makes it fundamentally insecure"
> c. "We could never implement a protocol without address obfuscation"
> d. "PCI requires us to use NAT" (There is actually a proviso in PCI
> for equivalent compensating controls).
> 4. They went to someone's IPv6 security lecture and came away with
> the sound bite "Don't deploy IPv6 on any production network unless
> you absolutely have to."
> I'm sure these are just a few of the reasons. Notice that most of them can
> be solved primarily by education which is why I spend most of my time
> You forgot control-freak managers who say show me the business case for IPv6 or it's a no-go project. That's one of the reasons I left my last position at the ILEC here in Hawaii. I doubt my experiences are unusual, so the training about the reasons for moving to IPv6 has to get out to pointy-haired folks.
I didn't forget them. I consider them a subset of item 1.
As to training pointy hairs, we are actually working on it. If you have pointy hairs you'd liked trained,
send me an email off list and let's talk about how to make it happen.
More information about the Ipv6hackers