I was reading a number of the recent USENIX papers on IPv6 transition, and the one thing that sparked a thought was the fact that there really is no “RFC 1918” space in the IPv6 world. I was wondering how many security architectures have a fundamental assumption that “you can’t get there from here”? I know that I use a NAT firewall and private address space as a main aspect of my security architecture, but when I move to IPv6, that will be gone. This does not mean that I will be more vulnerable, as a properly configured firewall will restrict traffic. However, I will have to be more purposeful in blocking traffic, whereas now, I rely on a default that it just can’t be done.
Just some food for thought.
Founded in 1994, SystemExperts is a premier boutique provider of IT compliance and cyber security consulting services. We help clients see the big picture and design solutions to meet their comprehensive security needs. We are dedicated to providing unmatched personal attention, distilling problems to their root causes and recommending what’s appropriate for our clients. We have built our reputation on providing practical, effective IT security solutions for securing enterprise computing infrastructures.