-=> On 01-25-19 23:46, Victor Sudakov wrote to All <=-   
      
    VS> Dear All,   
      
    VS> With the proliferation of IPv6 I hear more and more often that NAT is a   
    VS> great security mechanism because it hides your intranet infrastructure   
    VS> from outsiders, and how unfit IPv6 is for enterprise networks because   
    VS> it lacks the notion of NAT which makes IPv6 networks so very very much   
    VS> insecure.   
      
    VS> Do you have good conter-arguments?   
      
   NAT was never intended as a security mechanism, and it does nothing more than a   
   goof packet filter could do.   
      
    VS> Indeed, in some corporate networks I've seen, the use of the RFC1918   
    VS> address space is written into security guidelines as a requirement.   
      
    VS> Then again, as I come to think of it, even if your IPv6 intranet has a   
    VS> good firewall on the border, your internal network addresses are still   
    VS> exposed to the Internet. Is that a problem?   
      
   If your firewall is blocking traffic, you can hardly say you're exposed.   
      
   NAT still creates a lot of problems, ask anyone who'd wrestled with port   
   forwarding, to try and get services opened to the Internet.   
      
      
   ... Each experiment, success or failure, is a learning experience.   
   === MultiMail/Win v0.51   
   --- SBBSecho 3.03-Linux   
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)