Skip to main content

Balanced Security for IPv6 Residential CPE
draft-ietf-v6ops-balanced-ipv6-security-01

Document Type Expired Internet-Draft (v6ops WG)
Expired & archived
Authors Martin Gysi, Guillaume Leclanche , Éric Vyncke , Ragnar Anfinsen
Last updated 2024-08-05 (Latest revision 2013-12-06)
Replaces draft-v6ops-vyncke-balanced-ipv6-security
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Formats
Reviews
Additional resources Mailing list discussion
Stream WG state Dead WG Document
Other - see Comment Log
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

This document describes how an IPv6 residential Customer Premise Equipment (CPE) can have a balanced security policy that allows for a mostly end-to-end connectivity while keeping the major threats outside of the home. It is documenting an existing IPv6 deployment by Swisscom and allows all packets inbound/outbound EXCEPT for some layer-4 ports where attacks and vulnerabilities (such as weak passwords) are well-known. The policy is a proposed set of rules that can be used as a default setting. The set of blocked inbound and outbound ports is expected to be updated as threats come and go.

Authors

Martin Gysi
Guillaume Leclanche
Éric Vyncke
Ragnar Anfinsen

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)