[Novalug] IPv6 compliajnce question
Mackenzie Morgan
macoafi@gmail.com
Sun Nov 30 18:33:54 EST 2008
On Sun, 2008-11-30 at 18:29 -0500, Rich Goodwin wrote:
> On Sun, 2008-11-30 at 17:15 -0500, Mackenzie Morgan wrote:
> > On Sun, 2008-11-30 at 17:05 -0500, Charles M Howe wrote:
> > > Nerds,
> > >
> > > According to an item posted to Slashdot on 11/30/08, 9:35 am, all major
> > > distros are IPv6 compliant. It gave a few examples. Ubuntu was not
> > > listed. Does this mean that it ISN'T compliant or is it nothing more
> > > than an emission.
> >
> > I think it's an omission, since the IPv6 stuff mostly occurs in the
> > kernel. There are certain graphical network utilities that do not
> > expose IPv6 options, however. The command line is still needed.
> >
> > > Further exhibiting my customary cluelessness, I pose the following
> > > questions:
> > >
> > > (1) Does compliance enhance security, decrease security or is it
> > > security-neutral?
> >
> > If you don't know it's there, it's a security liability because if you
> > don't know it's on, how can you protect against attacks on it? If you
> > know it's there, and you configure your ip6tables...security neutral,
> > I'd say.
>
> I would say this is yet unknown. IPv6 vulnerabilities are not widely
> known as it does not permeate the net yet. The US is drastically behind
> others (e.g. China used it exclusively during the Olympics). I'd be
> equally cautious when running both stacks. I'd suspect there'd be some
> potential issues there as well ... although I am not an expert by any
> means.
It's true that we don't know about any big security vulnerabilities due
to lack of research. There's also a major lack of network monitoring
tools that are able to properly handle IPv6.
> > > (2) Should computer brains push the incoming administration to, say,
> > > adopt a policy of moving the federal government to compliance?
> >
> > There was a date a few months ago by which the Federal government had to
> > audit all their networking hardware and ensure that it was
> > IPv6-capable...for varying values of "capable"...
>
> And many are simply buying H/W that claims to be IPv6 compliant. That
> does not address the OS running it if this is a server/desktop. IIRC,
> OMB established a mandate to procure the equipment only.
As I said...for varying values of capable :P "The sticker says so" is a
[very very small] value ^_^
--
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20081130/53fe1aad/attachment.asc>
More information about the Novalug
mailing list