Posted May 10, 2011 8:18 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
The changes will take years, so there'll be plenty of time for security to evolve. But we now have foundation for it.
Posted May 10, 2011 9:55 UTC (Tue) by paulj (subscriber, #341)
Posted May 10, 2011 11:50 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
And corporate networks will benefit from end-to-end security most, so I expect that they'll migrate to IPsec even before home users.
Posted May 10, 2011 17:35 UTC (Tue) by dlang (subscriber, #313)
Posted May 10, 2011 17:41 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
Besides, it's not like I can't make an HTTPS tunnel which can pierce all but the most paranoid firewalls right now. Skype does this, for example.
Posted May 10, 2011 21:37 UTC (Tue) by Tobu (subscriber, #24111)
Posted May 10, 2011 21:45 UTC (Tue) by raven667 (subscriber, #5198)
Posted May 19, 2011 18:40 UTC (Thu) by oelewapperke (guest, #74309)
And it's perfectly secure.
Posted May 23, 2011 4:24 UTC (Mon) by RobertBrockway (guest, #48927)
Posted May 11, 2011 18:36 UTC (Wed) by Baylink (guest, #755)
The problem with utopias is that it only takes *one* Bad Guy to fuck things up for the rest of us.
"That's not a feature, that's a bug."
Posted May 12, 2011 13:42 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
Posted May 19, 2011 18:46 UTC (Thu) by oelewapperke (guest, #74309)
It kinda does solve a lot of problems.
I mean, I hate nat just like the next guy. But you won't get anywhere by declaring it doesn't solve anything. You'll be just like gaia idiots screaming before the capitol to get America off oil, not realizing they're basically asking America to cut it's economy by 95% or more. Not going to happen (and it's a *good* thing we don't honor such requests)
NAT is a beautifully simple solution. And it is possible to modify just about any protocol to work with nat. I fear nat and ipv4 may be here to stay.
Certainly converting RIPE, APNIC and AFRINIC over to ARIN rules would give us another 10 years easily. Saying "an IP will cost you $0.01 per year" will get us another 100 years.
Posted May 19, 2011 19:11 UTC (Thu) by nybble41 (subscriber, #55106)
Anyway, most home routers aren't much more secure with NAT, since they allow ports to be forwarded via UPnP requests. If you're running a server and opening forwarding ports with UPnP you might as well permit direct access; if not, blocking the connection at the server (because the port is closed) is just as effective as blocking it at the firewall. An effective firewall must be configured by the network administrator to accept or reject specific traffic, not simply permit incoming connections to any local server that asks politely while blocking the ones which would have been rejected anyway.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds