You know, Iljitsch van Beijnum posted here today, and it reminded me of a funny thing that keeps coming up if I speak to some people that took my how-to on securing your Mac serious. Iljitsch does a lot of articles on IPv6 over at Ars Technica and he’s written up quite a lot on it (in print too). Check out is website and his books.
For the uninitiated; we use IP numbers on a network as an address. The number space of IPv4 has shown to be too limited for our growth (if you want to read more into this, check this out).
IPv6 is, for the semi-geek, an extremely scary concept because it makes them feel like all their knowledge of networking will become obsolete. The ‘long and complex’ number system and all of it’s features (that are really, really much nicer to use than the old decimal ones once you get around it) are subject to much critique in any IPv6-related Slashdot post. Over and over again, it’s supposed ‘pitfalls’ are exposed. I was extremely surprised to find that when I spoke to some people that followed my how-to (which Iljitsch put on Ars Technica appropriately as “Make your Mac more secure (than you can stand)” ), that when I brought up using IPv6 with IPSec-enabled services is quite secure – more so than conventional IPv4, of course, they pointed me to my how-to, that told them to disable IPv6. I really slapped myself to the forehead when I heard that from more than three people who took it to the heart.
What I suggested is that you disable IPv6 if you don’t use it. IPv6 is pretty cool. It’s not a gaping security hole, but I touched on any hypothetical avenue for attack that you can take away from the default configuration. Who knows, there might be a zero-day exploit out there that does do nasty stuff but breaks if you disable IPv6 (which I strongly doubt – but it’s a quantum universe we live in). Please don’t hesitate to adopt IPv6 if you feel like learning about it. It’s knowledge that you will, no doubt, have to use in the future anyway.
So apparently, IPv6 has some identity issues. We really need to get rid of the negative image. KAME has been doing that well, as well as the “ASCII Star Wars in your terminal” server towel.blinkenlights.nl. However, let’s keep showing people that IPv6 isn’t all that scary, but i
t’s a great step into the future of our communication technologies. For that, a little icon.