nanog mailing list archives

Re: Only 5x IPv4 /8 remaining at IANA


From: Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>
Date: Wed, 20 Oct 2010 14:50:24 +1030

On Mon, 18 Oct 2010 11:41:09 -0700
"George Bonser" <gbonser () seven com> wrote:


>> You are confusing SI with Packet Filters. The technologies are different
>> and it is, also, important to understand this distinction as well.
>
> I don't think I am "confusing" the two.  I am saying that I have seen
> people use them and think they are secure when they aren't.  IPv6 is
> going to make it a little harder for people to make this mistake (or
> easier to make it, I haven't decided yet which way it will go) and you
> will see more people purchasing equipment that does real state
> inspection which is my reason for predicting an increase in firewall
> sales.  They won't have that dynamic NAT that lulls some into a false
> sense of security.
>
> Also, I believe the "fire suit" approach will become more important to
> people rather than the "fire wall" approach with IPv6.


That's a great way of saying "host based security". With mobile
Internet devices (smart phones, laptops (which outsold desktops last
year apparently) etc.) becoming the dominant Internet access device, I
think host based firewalling will become the primary "firewalling"
mechanism. Network located firewalls will perform a secondary and
assistant role, because hosts can't be sure they're there when the
hosts have wired, wifi, bluetooth etc. interfaces that can all be
actively connected to the Internet at the same time.

Regards,
Mark.

