> The absence of NAT is one of the reasons for poor adoption of IPv6. We learned in the '90s that putting every machine on the Internet with a public IP is a really bad idea.

From what I understood, NAT would not be needed at all with IPv6.
> From what I understood, NAT would not be needed at all with IPv6.

That was the perception in the late '90s and indeed how IPv6 was designed. Then more and more Windows machines started to get on the Internet with hilarious results.
> That was the perception in the late '90s and indeed how IPv6 was designed. Then more and more Windows machines started to get on the Internet with hilarious results.

I agree. But then, isn't it a systemically bad approach to boggle the lower level designs (interconnectivity) due to security weaknesses of some upper level instances (windows systems)?
The '90s way is making something of a comeback with the defense in depth stuff, but that's not practical yet if you don't have a dedicated team of security professionals working on it.
Edit: In Windows' defense, it wasn't designed to be connected to a worldwide internetwork. Even LAN support was kinda grafted on after the fact. What happened is not at all surprising in retrospect.
> LOL. Seriously. Do a 2-minutes research, Google is enough.

With all respect, that's bad style of arguing. If it's so obvious & easy, you could come up with just a few cues, which would be enough to correct any misconception that an informed reader might have. I know you're not elitarian, but some of your statements could give other readers the impression that you are.
> I agree. But then, isn't it a systemically bad approach to boggle the lower level designs (interconnectivity) due to security weaknesses of some upper level instances (windows systems)?

"No plan survives first contact with the enemy"
> I agree. But then, isn't it a systemically bad approach to boggle the lower level designs (interconnectivity) due to security weaknesses of some upper level instances (windows systems)?

I agree in principle, but in practice bugs happen. For example, I run Nextcloud on my internal network, but I don't trust it enough (yet) to expose it to the Internet. It's possible that an attacker could set up a tunnel into my internal network using Upnp or "full cone NAT" and thereby expose my Nextcloud to the Internet.
> It's possible that an attacker could set up a tunnel into my internal network using Upnp or "full cone NAT" and thereby expose my Nextcloud to the Internet.

And think of all that IoT stuff.
> And think of all that IoT stuff.

I try to avoid that stuff as much as possible, but I have a family and they like the shiny. But I do need to isolate all that stuff in its own network.
> I know you're not elitarian, but some of your statements could give other readers the impression that you are.

Elitism would be, for example, to put someone down for asking "stupid questions". Insisting on something while literally ONE quick request on Google will show tons of resources explaining how this is wrong is a whole other story, and I politely refuse to play this silly game.
> Elitism would be, for example, to put someone down for asking "stupid questions". Insisting on something while literally ONE quick request on Google will show tons of resources explaining how this is wrong is a whole other story, and I politely refuse to play this silly game.

It would take you about the same time to just type in a few keywords/cues than you need to type in this answer about "this silly game". BTW I'd like to note that I consider to prefer DuckDuckGo instead of Giggle should be natural on a FreeBSD forum; not only IIRC it runs on FreeBSD, it's also driven by FreeBSD freaks? Back on topic, I'm currently reading NAT Router Security Solutions, that was among the 1st in the list ddg gave me.
> Hm, it's on GRC. This is known for decades as a prime source of internet "security" myths. Famous for its "stealth firewall" nonsense. Random rant about this "expert site": https://www.wilderssecurity.com/thr...-stealth-firewall-test-or-harmful-fud.216892/

Thx. Then would you be so kind & generous & point me to a more reliable source of information?