I spent most of the last couple of days studying Cisco Introduction to Networks material. The chapter on IP addressing was incredibly dense. I ended up taking 25 pages of written notes during the entire thing.
I think what I learned from all of it is the future of the Internet is in the hands of two distinctly different people with distinctly different goals. One wants unlimited access to everything and no security. The other wants security.
There was a time when the Internet was time when the Internet was this wild, woolly place of hope and adventure. It was the great playground of intellectuals and only those in the know could manipulate the world. Which was great in theory, but not in practice. Eventually you ran into a human problem, not a technology problem.
I guess it narrows down to the simple fact that people want to get paid for their work. And the other group believes the Internet should be a free trading ground of ideas. I think both ideas are capable, but designing the Internet towards one or the other is short-sighted.
From a security standpoint, the argument is that with IPv6, you should use normal router and device hardening techniques and that should be fine. That idea was designed by someone who never had to protect a network, or anything for that matter. Security wise, you should always design for security in depth. There should be multiple, complimentary levels of security. Combining router hardening with NAT and PAT, VLANs, VPNs, network obfuscation and no DHCP pool and you've got the beginnings of security. I said beginnings, because each technology has its failings.
It's a big blue marble out there, and a lot of cooks with different plans make for an interesting mix.
No comments:
Post a Comment