Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.
2005-05-03

Uh, lemme see, I'm gonna hack my router and expose my residential LAN to the Internet ... Not.

Joi Ito's Web: Earthlink R&D shows that IPv6 can be easy. Joi Ito notices a great announcement on migration of some routers to IPv6 in a way that preserves IPv4 and NAT and allows you to have serious IPv6 addressing of machines on your LAN. Typically, you’ll need a recent operating system release, such as Windows XP or OSX or Linux that tends to support a dual stack and/or tunneling of one through the other. The nice thing is being able to have a block of permanent IP addresses. I am not sure I know how to get my ISP (I’m on DSL) and border systems to route them to me, and I have a lot more questions before I’m willing to try it.

First, let me say this is great news. As recently as Spring 2004, while I was in an M.Sc in IT Computer Communications course, it looked like the disruption of our in-place systems and all of those small routers and nodes, just for an IPv6 migration, was near-insurmountable. We have an interim scheme (IPv4 with NAT) that works so well there is not a strong business need to fix it in North America. It’s not that broke that we need to fix it, and the migration has no benefit until it is done. That’s like setting a time-bomb in Visual Basic 6.0. Nobody wants to spend the money just to stand still.

What about transitional security?

My concern is two-fold. I don’t think I want to install any research-center’s firmware upgrade on my Linksys residential router and firewall without giving it a good hard think. This is primary infrastructure stuff, and I am not sure I see all of the pieces in place to put my trust in (1) not knowing what’s running in my first-line of network protection at the border to my SOHO LAN, and (2) exposing my systems to IP addresses that are addressable by anyone who sniffs for them. I’m certain that I don’t have appropriate safeguards for what happens when that avenue of attack succeeds against some system inside the residential firewall.

How Is That Any Worse Than What We’ve Got?

My point. We’ve been prepped to expect that IPv6 will solve our infrastructure (that is, basic Internet and IP) security problems as well as provide fixed addresses for every wandering mote on the planet. (I’m assuming that not everyone gets a block of addresses as big as Mr. Blog reports, or we’ll run out of those faster than IPv4 addresses.) Now that it looks like we don’t have to have a planetary Sunday in Sweden to switch over and some big bumps seem to have been smoothed out, let’s get the security and safety part down pat while we have the opportunity. That will take more than the common assertion that IPsec is the answer.

I really don’t know what’s running in my residential router now, do I? Do you (in mine or yours)? Perhaps it is time to raise the bar on how we establish trustworthiness for those fixtures we’ve been accustomed to accepting without question. And then there’s the trustworthiness of the way we integrate all of this beneath the useful applications that are what we’re really interested in, and what that does to the vulnerability picture.

I’m going to take my time on this one before I go skipping naked through the jungle that the Internet has become. I think I’ll keep those torches stacked near the cave mouth and be careful not to let the fire go out at night, thank you very much [;<).
template created 2004-06-17-20:01 -0700 (pdt) by orcmid