On Sat, 2009-10-24 at 19:31 -0400, Adam Tauno Williams wrote:
On Sat, 2009-10-24 at 17:28 -0400, Ken Schneider - openSUSE wrote:
Hans Witvliet pecked at the keyboard and wrote:
Adam Tauno Williams wrote: <snip> Just when doing a new project: some parts should have been delt with,
On Sat, 2009-10-24 at 22:08 +0200, Per Jessen wrote: like security, support, documentation, IPv6. Can someone explain what security IPv6 offers over IPv4?
None. The approach for security issues with IPv6 and IPv4 is the same.
As all they are are addresses, with IPv6 offering a far greater range, I fail to see the significance one would have over the other in that regard.
There is no significance. You need firewalls and policies just like with IPv4. But if you block port XYZ for IPv4 you need to make sure that port XYZ is blocked for IPv6 - the 'firewall' stacks are independent on most platforms.
Tools like fwbuilder work with IPv6 as well as IPv4, so if you are using old versions of those tools you just need to upgrade your tool set. http://www.fwbuilder.org/
There are some security-aspects. The good one, is that one doesn't need something like openvpn or ipsec on top of IP(v4) as it is allready included in IPv6. The bad on: you have to be aware that *current* firewall rules aply only to IPv4 (and probably also host allow/deny). It means that in the early days of migration (specially if people are not aware of providers suddenly present a dual stack to their customers) will find their network highly exposed.... (imho that's the main reason for getting your feet wet early) Oh, btw, it also solves the problem of having multiple apache ssl-vhosts. As you get some millions of private routable addresses you can give each apache-server its own address, instead of just a name. So that's another good one. hw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org