Monday, May 11, 2015

construction

Working on a site out of town. Learning many new things. The crash course in PPPoE was interesting.

Routing and Switching class final is tomorrow.  Need to schedule the CCENT for about 2 weeks from then.  That should give me enough time, without being too much time.

I think I've come to the conclusion that IPv6 will permanently be a WAN interface technology, while the world uses dual stack routers to NAT into IPv4 private addresses.  

One bad tracert and a nefarious person could find your entire inner networking scheme.  But that doesn't work if NAT is involved.  The door shuts at the front door, and not somewhere inside.  That's really the problem with globally routable IP addresses inside your network.  If you don't have tracert blocked, you'll end up giving away your entire network structure.

It's not the "one shot, one kill" approach to network security. There isn't such a thing. There is only security in depth. Walls and trenches and gates and guards and ACLs and NAT and every other thing you can possibly throw between you and the outside world. Maybe some machine gun nests and razor wire, as well.
