中文网站
  Advanced Search
Read the latest Blogs from IT professionals in the field. Read and write community created documents. Need IT help? Ask our staff. Connect with your peers. Check our Tech Shop for posters, books and software tools. Home
HomeNetworking TechnologiesNetworking TCP/IPAn IPv6 Deployment Guide Chapter 9: Security issues in an IPv6 based networking environment

9.2.1.3 Internet-firewall/router (edge device)-protected network architecture


Additional requirements:

• Must both support what is necessary for the previous two architecture (Router Solicitation,Router Announcement, and Dynamic routing filtering)

This is a rather powerful architecture, since it allows concentrating both the routing and the security policy in one device; however this concentration makes the particular architecture less susceptible to the security problems:

• More functionality should be integrated into one device. That makes it more complex and opens the possibility of more security problems
• Since it is only one device the principle of security: protect your network/service with more than one asset, cannot be fulfilled.

This setup is very common in home or small office environments, where a single xDSL, or cable router provides connectivity and in the same time enforces the security policy defined by the network administrator.
‹ 9.2.1.2 Internet-firewall-router-protected network architectureup9.2.2 ICMP Filtering(1) ›