Hello Victor!   
      
   Jan 25 23:46 2019, Victor Sudakov wrote to All:   
      
    VS> With the proliferation of IPv6 I hear more and more often that NAT is    
    VS> a great security mechanism because it hides your intranet    
    VS> infrastructure from outsiders,   
      
   There's a lot of misunderstanding of NAT and security. The typical case is   
   that NAT is done by a dedicated firewall or a router with firewall features,   
   i.e. the firewall/router does packet filtering and NAT. So a lot of people   
   think that NAT implies security, but it doesn't. NAT is exactly what the   
   acronym says: network address translation. An 1:1 NAT simply translates one   
   address or subnet to another. How could that provide any security? What you   
   need is packet filtering (plus proxies and so on).    
      
    VS> infrastructure from outsiders, and how unfit IPv6 is for enterprise          
    VS> networks because it lacks the notion of NAT which makes IPv6 networks        
    VS> so very very much insecure.   
      
   There's also NAT for IPv6. BTW, IPv6 has a nice feature called Privacy   
   Extensions to automatically change IP addresses regularly.    
      
   ciao,   
   Markus   
      
   ---    
    * Origin: *** theca tabellaria *** (2:240/1661)