[6bone] Security over IPv6 networks

[Tim Chown]

Does anyone know if the Nokia firewalls will also be on the same path soon?

Tim

On Thu, Mar 13, 2003 at 02:00:03PM +0200, Hank Nussbacher wrote:
> At 12:50 PM 12-03-03 -0500, Chuck Yerkes wrote:
> >NAT is not security.  Recent exploits have further hammered
> >this home, but it's never been about security.  It's been about
> >dealing with 8 IP addresses and 200 machines.
> >
> >Can it help security some?  Sure.  I made by friend with Windows
> >and DSL get a NAT box.  Badly written client applications can easily
> >be tricked into downloading bad code eliciting buffer over flow
> >or, for the really bad programs like Outlook and IE, running code
> >from strangers.  All through NAT.
> >
> >Is NAT a firewall?  Only for the naive.
> 
> Checkpoint will soon be releasing their "Calgary" release (FP4) - Early 
> Availability 2 should be ready next week.
> 
> From their beta documentation of FP4:
> 
> IPv6
> 22)In Calgary,FireWall-1 supports IPv6 out of the box.
> Supported platforms
> •Solaris 8/9
> •Nokia IPSO 3.7
> Supported features
> •Dual stack –both IPv6 and IPv4 on the same interface.
> •IPv6 access control with accept/drop/reject/log actions.
> •Simple TCP and UDP services,and ICMPv6.
> •IPv6 FTP service (active and passive).
> •IPv6 Host and Network objects.
> •Using IPv6 &IPv4 objects in the same rule base.
> •IPv6 logging and IPv6 filters.
> •Implied rules for enabling traffic needed for IPv6 discovery IPv6 
> fragments.
> •Using IPv6 requires a special license which is not included in the trial 
> period and EVAL licenses.
> 
> -Hank
> 
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone