I went into this one with a fair amount of skepticism. My worries were more than verified.
IPv6 isn’t insecure because you don’t understand it, and your antiquated tools don’t work with it.
ZOMG, there’s a separate deprecated Linux firewall tool (ip6tables) for dealing with IPv6!!1!
So write rulesets that deal with that difference, or use nftables, whose inet family lets one table carry rules for both address families.
WTF, my segment scanning tools don’t work the same way they do with the one-true-IP ™. Of course they don’t: a /64 has 2^64 addresses, so you don’t sweep it; on the local link you find hosts through multicast (ping ff02::1) and the neighbor cache, and off-link you work from DNS, logs and the addresses you already know.
The work that became the v4 stack was started in the Nixon Administration (Cerf and Kahn, 1974); IPv4 itself was nailed down in 1981. My parents, half of whom are now dead, weren’t even married.
YHGTBFKM; you can alias almost any address. An interface can carry as many v6 addresses as you like, and most hosts already have several (link-local, one or more globals, plus temporary privacy addresses that rotate).
Really.
One of the guys actually tried articulating that PAT (probably not NAT, guy; maybe if you’d paid any attention in your networking classes, you’d know the difference).
What PAT does do is give you a default-deny inbound posture as a side effect, which lets you “protect” the assets inside your enclave. A stateful firewall in front of a routed v6 netblock gives you exactly the same thing, on purpose, with no address rewriting. One of the shows I frequently listen to is very concerned about the “5G revolution,” and how it might allow the Chinese to control everything inside the US. Um, no. Any network security guy who’s paying attention can block things going out just as easily as he blocks things coming in; that’s called egress filtering, and PAT never did it for you.
I guess my message is: learn how to track things other than IPv4, and write your filtering rules for traffic in both directions.
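Here is what “rules for both families, both directions” looks like in practice. This is an added example, not a ruleset from the original post or from any project it mentions: a single nftables inet table for a stateful host with default-drop input, forward and output, the ICMPv6 messages IPv6 can’t live without (RFC 4890 has the full list), and an egress allow-list instead of “anything out.” Port numbers, the ssh allowance and the `lo` interface name are assumptions for the example.

```nft
#!/usr/sbin/nft -f
# Added example: one inet-family table covers IPv4 and IPv6 together,
# so there is no separate ip6tables ruleset to forget about.
flush ruleset

table inet filter {
    # Assumed egress policy for this host: DNS, HTTP(S), NTP and nothing else.
    set egress_tcp { type inet_service; elements = { 53, 80, 443 } }
    set egress_udp { type inet_service; elements = { 53, 123 } }

    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Neighbor Discovery is the v6 equivalent of ARP; drop it and the
        # host goes deaf. RFC 4861 requires ND to arrive with hop limit 255,
        # so an off-link forger can't satisfy this match.
        ip6 hoplimit 255 icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

        # Path MTU discovery and error reporting; blocking these breaks v6
        # (no fragmentation in routers) and merely degrades v4.
        icmpv6 type { packet-too-big, time-exceeded, parameter-problem, destination-unreachable, mld-listener-query } accept
        icmp type { destination-unreachable, time-exceeded, parameter-problem } accept

        # Ping in both families, rate-limited.
        icmpv6 type echo-request limit rate 10/second accept
        icmp type echo-request limit rate 10/second accept

        # Assumed inbound service: ssh from anywhere, v4 or v6.
        tcp dport 22 ct state new accept

        log prefix "in-drop: " drop
    }

    chain forward {
        # Not a router: nothing is forwarded in either family.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        ct state established,related accept

        # What this host must be able to send for v6 to function at all:
        # router/neighbor solicitation, neighbor advertisement, MLD reports
        # (solicited-node multicast membership), and ICMP errors.
        icmpv6 type { nd-router-solicit, nd-neighbor-solicit, nd-neighbor-advert, mld-listener-report, packet-too-big, time-exceeded, parameter-problem, destination-unreachable, echo-request } accept
        icmp type { destination-unreachable, time-exceeded, parameter-problem, echo-request } accept

        # Egress allow-list: the same list applies to v4 and v6 destinations.
        tcp dport @egress_tcp ct state new accept
        udp dport @egress_udp ct state new accept

        # Everything else going out is logged and dropped, which is the part
        # PAT never did for you.
        log prefix "out-drop: " drop
    }
}
```

Check it with `nft -c -f ruleset.nft` before loading it with `nft -f ruleset.nft`; the `-c` pass parses and validates without touching the live tables. If you still run the iptables front end, `iptables-nft` and `ip6tables-nft` translate into the same nftables backend, but they still keep v4 and v6 in separate tables, so the inet family above is the only way to maintain one ruleset for both.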