[Novalug] IPv6 compliajnce question

Mackenzie Morgan macoafi@gmail.com
Sun Nov 30 18:33:54 EST 2008


On Sun, 2008-11-30 at 18:29 -0500, Rich Goodwin wrote:
> On Sun, 2008-11-30 at 17:15 -0500, Mackenzie Morgan wrote:
> > On Sun, 2008-11-30 at 17:05 -0500, Charles M Howe wrote:
> > > Nerds,
> > > 
> > > According to an item posted to Slashdot on 11/30/08, 9:35 am, all major
> > > distros are IPv6 compliant. It gave a few examples. Ubuntu was not
> > > listed. Does this mean that it ISN'T compliant or is it nothing more
> > > than an emission.
> > 
> > I think it's an omission, since the IPv6 stuff mostly occurs in the
> > kernel.  There are certain graphical network utilities that do not
> > expose IPv6 options, however.  The command line is still needed.
> > 
> > > Further exhibiting my customary cluelessness, I pose the following
> > > questions:
> > > 
> > > (1) Does compliance enhance security, decrease security or is it
> > > security-neutral?
> > 
> > If you don't know it's there, it's a security liability because if you
> > don't know it's on, how can you protect against attacks on it?  If you
> > know it's there, and you configure your ip6tables...security neutral,
> > I'd say.
> 
> I would say this is yet unknown.  IPv6 vulnerabilities are not widely
> known as it does not permeate the net yet.  The US is drastically behind
> others (e.g. China used it exclusively during the Olympics).  I'd be
> equally cautious when running both stacks.  I'd suspect there'd be some
> potential issues there as well ... although I am not an expert by any
> means.

It's true that we don't know about any big security vulnerabilities due
to lack of research.  There's also a major lack of network monitoring
tools that are able to properly handle IPv6.
 
> > > (2) Should computer brains push the incoming administration to, say,
> > > adopt a policy of moving the federal government to compliance?
> > 
> > There was a date a few months ago by which the Federal government had to
> > audit all their networking hardware and ensure that it was
> > IPv6-capable...for varying values of "capable"...  
> 
> And many are simply buying H/W that claims to be IPv6 compliant.  That
> does not address the OS running it if this is a server/desktop.  IIRC,
> OMB established a mandate to procure the equipment only.  

As I said...for varying values of capable :P  "The sticker says so" is a
[very very small] value ^_^

-- 
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20081130/53fe1aad/attachment.asc>


More information about the Novalug mailing list