[ipv6hackers] Implications of IPv6 on network firewalls

Eric Vyncke (evyncke) evyncke at cisco.com
Tue Mar 27 09:16:34 CEST 2012


I also have strong doubts that IPsec will be used everywhere to everywhere: too complex do and it would also make firewall and IPsec blind which is probably not what some network/security people want to do.

Regarding the secure printing, like Marc I have seen applications where it is more about being physically present when the pages are printed and not so much about sending encrypted data to the printer.

-éric

> -----Original Message-----
> From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-
> bounces at lists.si6networks.com] On Behalf Of Marc Heuse
> Sent: mardi 27 mars 2012 08:07
> To: IPv6 Hackers Mailing List
> Cc: Fernando Gont
> Subject: Re: [ipv6hackers] Implications of IPv6 on network firewalls
> 
> 
> >>> I guess your assessment is good for the environment, since I
> >>> consider it unlikely for, say, printers to ship with all the
> >>> machinerary necessary to make the printing job work over IPsec (over
> IPv6).
> >>
> >> http://h30046.www3.hp.com/large/solutions/JetDirect635n_WW_DS_Rev_1.p
> >> df ;-)
> >>
> >> Secure printing is an important issue in a major enterprise... not to
> >> be underrated...
> >
> > Do you know many cases where they currently rely on that?
> 
> I know several companies who wanted to have a secure printing environment,
> but due cost and support etc they implemented - dunno the official name for
> it - "print where you are" with a contactless smartcard plus user
> certificates.
> 
> what I am sure about is that quite some companies will have it in their
> buying requirements, just because they think they might enable it in the
> future.
> 
> but I doubt that the ipsec way will ever be deployed expect in very small
> organisations or those with very high security requirements like military.
> although the overhead is manageble on Windows devices, it is a bit more for
> Cisco and such printers, and too much of a burder for everything else where
> it is not automated out of the box to distribute the certificates. (NAS, old
> printers, Unix servers, office automation, etc.)
> 
> the cost to move to ipsec is high, and it limits the flexibility of the
> network, e.g. moving devices, changing ip addresses.
> 
> Greets,
> Marc
> 
> --
> Marc Heuse
> www.mh-sec.de
> 
> PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers



More information about the Ipv6hackers mailing list