Disabling ipv6

[Fernando Lozano]

Hi,

> > > disabling IPv6 everywhere is the *right* thing to do for
> > > many companies. if you don't have the need, don't have the
> knowledge and
> > > your hardware/software doesn't support it well, IPv6 is not only
> > > overhead with no added value but also may present a significant
> security
> > > risk. Just like you should disable any system service (specially
> network
> > > services) that you don't need to reduce a hacker attack surface on
> your
> > > network and servers.
> >
> Is it possible to give the end-user the option whether to go IVP4 or IPV6?
>

I haven't found yet an OS clearly showing how to disable IPv6 in a way
most non-techinical users can find. But all them have this option
somewhere, alongside other "esotheric" options like level 2 security.

Given IPv6 current state, where many vulnerabilities are related to
autoconfiguration for home and small networks, and given the fact many
ISPs still doesn't support IPv6 at all, IMHO the default setting should
be IPv6 disabled. Any end user or sysadmin should take action only to
enable IPv6, not to remove the threads it represents today.

Actually having IPv6 enabled by default is against security best
practices. But even security experts forget this because everyone wants
to lobby for broader IPv6 adoption. The end user pays the price for
technologican evolution.


[]s, Fernando Lozano