IPv6 Myths Broken, Part 2

Posted: September 22, 2011 in IPv6
Tags: , ,

*Editor’s Note: This is the second part in a two-part series on IPv6 myths

By Nicholas Greene

In the first part of this series, I laid out some persistent IPv6 myths. Now it’s time for the reality.

In actuality, the notion that NAT increases security is essentially absurd. It is middleware designed to overcome a shortage of addresses in IPv4. Since IPv6 suffers from no such issues, it doesn’t need NAT. What little security is provided by NAT is completely negligible- as stated by security blogger Earl Carter, “it does no more than prevent random attacks; it prevents no real barrier to a skilled attack. And of course, it is no barrier at all to attacks coming in as email payloads or via open ports.”

The elimination of NAT could actually end up improving security and performance in the long run. According to Hurricane Electric’s Owen Delong, “NAT introduces a number of problems. Many of these problems have been made invisible to the end user and even to the network administrator deploying NAT. But if you ask any software vendor that has had to develop software in spite of NAT, you’ll rapidly find out that it’s making software much more expensive, complex, and even larger than it needs to be. In addition, it makes it hard for users stuck behind NAT to offer any services from their machines…I maintain the position that the choice to offer a service to the Internet or not should rest with the owner of the machine in question in most cases.” And for those who claim there needs to be some method of protection against random attacks in IPv6, a good firewall can still solve the problem.”

IPsec is the same security solution no matter where it’s implemented. And NAT simply doesn’t do all that much for security. As a result, IPv6 is no more or less secure than IPv4 — and IPsec still remains one of the best solutions for security on either platform.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s