[e2e] CISCO AIMS FOR IPV6 FIREWALLS
jshen_cad at yahoo.com.cn
Wed Jul 2 01:57:22 PDT 2003
why do you think this asks IPSEC traffic to expose its content to others?
What interests me in this news is: how could e2e priciple account for increasing demands from goverment( or enterprise) to set up checkpoint across network while mainteining high performance?
Is that easy to maintein flexibility, scalability and the "freedom" while providing what government asks?
"David P. Reed" <dpreed at reed.com> wrote:
One more brick in the wall, the news story below tells us that major vendors continue to create damage to be routed around.
One could have hoped that in creating the IPv6 stacks of end systems, vendor OS stacks and apps would be properly authenticated using IPSEC, thus eliminating the need for (and ability to implement) firewalls that must read payload content as if they knew what it meant.
But alas, and to my great sadness, that was not to be. Instead Cisco adopts the maze of twisty little passages approach, and continues to encourage balkanization of the Internet. I presume that these firewalls will demand that IPSEC traffic expose its content before being allowed passage so instead of being more secure, the traffic gets less secure.
By 2006, I suspect there will be no "Inter" net to speak of. Only a collection of nets that cannot send data to each other.
CISCO AIMS FOR IPV6 FIREWALLS
Posted June 27, 2003 4:44 PM Pacific Time
Attacking one of the key problems early adopters have had
with IPv6 (Internet Protocol Version 6), Cisco plans to
beef up security, adding support for stateful packet
filtering of IPv6 traffic to its software and hardware
firewall products in the first half of next year.
The dominant maker of Internet routers, also a major vendor
of firewalls, provided that statement of direction at the
North American IPv6 Global Summit, held this week in San
Diego. Cisco demonstrated the filtering capability in its
IOS (Internetwork Operating System) firewall at the
conference, said Patrick Grossetete, Cisco IOS IPv6 product manager, in an interview from the conference.
For the full story: http://www.infoworld.com/article/03/06/27/HNfirewallscisco_1.html
State Key Lab of CAD&CG
HangZhou, ZheJiang Province 310027
Do You Yahoo!?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the end2end-interest