On 3/25/14, 3:46 PM, Andrew Gilmore wrote:
Had our IT folks explain that this 3+ year old push is now gaining
traction at my agency.
http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/transition-to-ipv6.pdf
FWIW, RHT did USGv6 compliance back in 2012:
- PR @ http://investors.redhat.com/releasedetail.cfm?releaseid=716806
- Detailed tech listing @
https://www.iol.unh.edu/services/testing/ipv6/usgv6tested.php?company=6164&type=Host#eqplist
Are the security concerns around IPV6 about the maturity of the
protocol stack, or the reduced utility of NAT, or?
These sites cover most of the arguments I've heard:
"4 IPv6 Security Fallacies"
http://www.networkcomputing.com/ipv6/4-ipv6-security-fallacies/240159771
"7 IPv6 Security Risks"
http://www.esecurityplanet.com/network-security/7-ipv6-security-risks.html
Then, once you have the "negative" perspectives/arguments from the above
URLs, a good overview was released by SANS:
https://www.sans.org/reading-room/whitepapers/protocols/security-features-ipv6-380
In full disclosure, I've only had a single project deal with IPv6. And
it was for a small, closed off network, over a year ago. At the time the
environmental ecosystem of IPv6 was immature. Our SIEM didn't recognize
IPv6 addresses well, so event correlation was frustrating. Beyond that
we had little problems, however we didn't have a massive or complicated
environment.
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
