IPv6 Security Question
Can someone explain to me if my understanding of IPv6 is right.
With IPv6 as my local network, my Qnap would effectively be on the internet because there is no NAT function in IPv6.
My only protection would be obscurity due the quantity of addresses available in IPv6 and I would just have to hope that my Qnap didn't advertise itself or a hacker didn't get lucky?
If for instance, I had an old PC that needed lots of updates. With NAT on IPv4, I could connect it with reasonable confidence that it will be safe while I do the updates.
What would be my options on IPv6? As an IT tinkerer with no network training, understanding firewall configurations is difficult, especially as the same problem applies to testing it.
Is there an off the shelf IPv6 box that would protect local network devices? The PC only needs to be able to respond to addresses that it has initiated connections with and so give me similar protection as NAT.
I understand that the argument goes that every device should be secure and that the obscurity of so many addresses is security but the reality is that no devices are secure and when I open a web page, generally there can be 100+ servers referenced in scripts that now know my IPv6 address and so can now narrow down the range of my network.
I would be interested to know if my understanding is wrong and I should step away from my tin foil hat and what advice there is to secure a IPv6 local network to be sure it is as secure as it can be because, as an engineer, crossing my fingers and hoping is very unsatisfactory.
Biting the hand that feeds IT
