On Saturday, 10 September 2016 9:46:04 AM ACST Lew Wolfgang wrote:
Hi Folks,
[...] So, what is the threat to a home IPv6 user who has WiFi and an Internet of Things with minimal/non-existent security? I personally feel safer behind a nice natted IPv4 firewall with ACL rules between my copper and WiFi subnets. I just feel that I have more control of the situation with a simpler network.
Has SUSE addressed this issue? Tell me I don't have to worry about it!
Regards, Lew
Exactly the same security principle apply to IPv6 as to IPv4. Especially given that every ISP-issued IPv6 address is a public IP address, the only way to go is to have a properly configured firewall (either in the router or separately) between your internal network and the outside world; preferrably one that supports stateful packet inspection that will only allow traffic through that is part of a connected stream where the connection was originated from inside your network. It doesn't hurt to have your wifi on its own subnet with another firewall (or, at the very least, ACL's on the router and/or access point) between the wifi and wired portions of your network. Having properly secured wifi with appropriately long encryption keys and certificate-based client authentication controlled by a properly configured authentication server (either Radius or TACACS+) either. If you absolutely must allow connections from the outside world, using certificate-based authentication and locking that access down to only the ports absolutely required will help maintain security. For my network, I allow only IMAPS, ssh and SIP (for VoIP) through - everything else is blocked. Oh, yes - makd sure your router and/or firewall are configured to log (at the very least) anything that is blocked and check the logs regularly. Rodney. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au ============================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org