IPv6 Firewalls

I don’t quite understand the thinking of commenters on this story who think that security lies in having an end-system firewall – that is, the Windows Firewall, the built-in Mac Firewalls, Symantec Personal Firewall, etc. That’s a degree of security. That’s not real security. Find out the IPv6 issues being discussed, for there’s far too much that I can rip into about the story and the commenters here.

  1. Well, I think the discussion on disabling the protocol is more interesting; not being able to firewall off v6 clients will likely lead to abuse on the radio side of things.

    As for personal firewalls, outbound blocking allows you to stop trojans from calling home, so it’s useful even if it’s not on by default on the Mac and you can’t do it in Windows without 3rd party software.

    Firewalls are useful in stopping target-of-opportunity attacks. Limiting what devices can access an open port is good for reducing vulnerability. Especially for new vulnerabilities in network services for which there isn’t yet a patch.

    Firewalls stop real attacks all the time, so I’m not sure why the folks enabling v6 devices haven’t started to work out the issues and build in some protection.

    If you don’t have a real trusted and validated computing base, then you’re pretty much stuck with arbitrating access as a security mechanism. What’s the alternative?


