One recurring argument against implementing IPv6 in campus networks is the absence of Network Address Translation (NAT). While NAT is perceived as a security mechanism in IPv4, we need to rethink our approach when working with IPv6. Instead of relying on NAT, we can leverage firewalls to safeguard endpoints. In IPv6, every device receives a routable address. To protect endpoints effectively, we require firewalls to filter unwanted traffic. But what if we could stop such traffic at the source? Could this approach persuade more people to adopt IPv6? According to RFC 7381: “In a /48 assignment, typical for a site, there are then still 65,535 /64 blocks.” and “All user access networks should be a /64.” Can we then use bit 63 to convey a message: “I don’t want any incoming traffic initiated towards me!!!”? Of course, responses would be accepted. We could divide the /64 allocations into two groups: one for servers, and these accept incoming traffic (bi...
In November last year (2020), CompTIA released a new version of the Security+ course. I had a chance to deliver the training recently, and I would like to share my thoughts with you. Before I dive into the details, it is good to know the prerequisites and its objectives. There are many security trainings out there, and before attending one you should know which one is for you. CompTIA Security+ is an entry-level training in the cybersecurity domain. There are no strict prerequisites, but you are encouraged to know the topics covered in A+ and Network+. You do not need to attend the course or pass the exam; knowledge and experience are more important. Before planning the exam, you should review the A+ and Network+ exam objectives: https://www.comptia.org/training/resources/exam-objectives The updated version has 21 lessons which cover basics, threats, cryptography, risk assessment, identity management, network security appliances, secure network protoco...