IPv6 Firewalls

I don’t quite understand the thinking of commenters on this story that think that security lies in having an end-system firewall – that is the Windows Firewall, the built in Mac Firewalls, Symantec Personal Firewall, etc. That’s a degree of security. That’s not real security. Find out the IPv6 issues being discussed for there’s far too that I can rip into about the story and the commenters here.

Aaron Brazell

Aaron Brazell is a Baltimore, MD-based WordPress developer, a co-founder at WP Engine, WordPress core contributor and author. He wrote the book WordPress Bible and has been publishing on the web since 2000. You can follow him on Twitter, on his personal blog and view his photography at The Aperture Filter.

One thought on “IPv6 Firewalls

  1. Well, I think the discussion on diabling the protocol is more interesting, not being able to firewall off v6 clients will likely lead to abuse on the radio side of things.

    As for personal firewalls, outbound blocking allows you to stop trojans from calling home- so it’s useful even if it’s not on by default on the Mac and you can’t do it in Windows without 3rd party software.

    Firewalls are useful in stoping target of opportunity attacks. Limiting what devices can access an open port is good for reducing vulnerability. Especially for new vulnerabilities in nework services for which there isn’t yet a patch.

    Firewalls stop real attacks all the time, so I’m not sure why the folks enabling v6 devices haven’t started to work out the issues and build in some protection.

    If you don’t have a real trusted and validated computing base, then you’re pretty much stuck with arbitrating access as a security mechanism. What’s the alternative?

    Paul

Comments are closed.