[6bone] Security over IPv6 networks

Hank Nussbacher hank@att.net.il
Thu, 13 Mar 2003 14:00:03 +0200


At 12:50 PM 12-03-03 -0500, Chuck Yerkes wrote:
>NAT is not security.  Recent exploits have further hammered
>this home, but it's never been about security.  It's been about
>dealing with 8 IP addresses and 200 machines.
>
>Can it help security some?  Sure.  I made my friend with Windows
>and DSL get a NAT box.  Badly written client applications can easily
>be tricked into downloading bad code eliciting buffer overflow
>or, for the really bad programs like Outlook and IE, running code
>from strangers.  All through NAT.
>
>Is NAT a firewall?  Only for the naive.

Checkpoint will soon be releasing their "Calgary" release (FP4) - Early 
Availability 2 should be ready next week.

From their beta documentation of FP4:

IPv6
22) In Calgary, FireWall-1 supports IPv6 out of the box.
Supported platforms
• Solaris 8/9
• Nokia IPSO 3.7
Supported features
• Dual stack – both IPv6 and IPv4 on the same interface.
• IPv6 access control with accept/drop/reject/log actions.
• Simple TCP and UDP services, and ICMPv6.
• IPv6 FTP service (active and passive).
• IPv6 Host and Network objects.
• Using IPv6 & IPv4 objects in the same rule base.
• IPv6 logging and IPv6 filters.
• Implied rules for enabling traffic needed for IPv6 discovery IPv6 fragments.
• Using IPv6 requires a special license which is not included in the trial 
period and EVAL licenses.

-Hank