What is it about?

This survey paper takes a 20-year look at Network Address Translation as the primary security boundary protecting consumer home networks. In this paper we review how this NAT-centric security has enabled a common security baseline for consumers that is both familiar and simple. We further consider how automated policy configuration mechanisms have served to degrade this security boundary in order to draw lessons for IPv6. We conclude with a short assessment of IPv6 in consumer routers and find that many of the same pitfalls found in IPv4 NAT are being repeated, along with new exposures specific to IPv6 implementations.

Why is it important?

Consumers are rarely involved in managing their home networks. Therefore, baseline gateway configurations that are both familiar and secure are tantamount to enabling security within the home environment. With IPv6 we are no longer required to follow a standard approach to gateway operation, as manufacturers are left to choose between a closed model (similar to IPv4 NAT) or an open model (where the gateway acts only as a router and not as a security device). This potential paradigm shift is likely to expose consumers and their home networks if we do not work to define a new secure baseline of operation for home gateways.

Read the Original

This page is a summary of: Doomed to Repeat with IPv6? Characterization of NAT-centric Security in SOHO Routers, ACM Computing Surveys, July 2023, ACM (Association for Computing Machinery), DOI: 10.1145/3586007.
