RE: Is IPv6 more secure than IPv4 ?

From: David Prall (dcp@dcptech.com)
Date: Wed Dec 14 2005 - 13:42:30 GMT-3

• Next message: James Ventre: "Re: Is IPv6 more secure than IPv4 ?"
• Previous message: Sam Lai: "RE: CCIE Credentials Usage etc"
• Maybe in reply to: Bobby Acker: "Is IPv6 more secure than IPv4 ?"
• Next in thread: James Ventre: "Re: Is IPv6 more secure than IPv4 ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

IPv6 with end-to-end IPSec has the same issues that IPv4 has with this. It
requires a PKI infrastructure to properly support it. Once it is
implemented, I can now transfer my virus without IDS/IPS being able to look
into it. So now I have to have Host Based IDS/IPS to look into everything as
well. NAT being a security tool isn't all that compelling when I can send an
email to an end-user, they open that email and it goes out connects to a web
server, run a java or activex applet and tell me that they are using an
RFC-1918 address, yet my web server can tell that they are being NAT'd to
such and such address. Using end-to-end IPv6 addresses requires the same
security as IPv4. IPv6 adds things like mobility, which truly scares
security people.

David

--
David C Prall dcp@dcptech.com http://dcp.dcptech.com
  
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On 
> Behalf Of CCIEin2006
> Sent: Wednesday, December 14, 2005 11:31 AM
> To: Bobby Acker
> Cc: ccielab@groupstudy.com; security@groupstudy.com
> Subject: Re: Is IPv6 more secure than IPv4 ?
> 
> Not exactly,
> 
> The only reason he may believe that IPv6 is more secure is 
> because IPSEC
> functionality is built into the protocol (you don't necessarily have
> to enable it though) whereas in IPv4 IPSEC is an add on 
> feature. They pretty
> much do the same thing though.
> 
> One thing I don't understand regarding IPv6 is they say it is 
> better than
> IPv4 because it gives true "end-to-end communication" and no 
> longer requires
> NAT on the internet. But if thats true don't you lose the 
> security benefits
> that NAT gives by hiding the inside addresses?!?
> 
> Maybe the experts like Scott or the Brians can comment?
> 
> On 12/14/05, Bobby Acker <aggiebob98@yahoo.com> wrote:
> >
> > A coworker made a claim yesterday that IPv6 was more secure 
> than IPv4.  I
> > can think of a few instances were this might be the case.  
> Does anyone have
> > opinions on this and why this would or would not be true?
> >
> > Bobby
> >
> > 
> ______________________________________________________________
> _________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> 
> ______________________________________________________________
> _________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html

• Next message: James Ventre: "Re: Is IPv6 more secure than IPv4 ?"
• Previous message: Sam Lai: "RE: CCIE Credentials Usage etc"
• Maybe in reply to: Bobby Acker: "Is IPv6 more secure than IPv4 ?"
• Next in thread: James Ventre: "Re: Is IPv6 more secure than IPv4 ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:51 GMT-3