Is NAT can provide some kind of protection?
Jack Bates
jbates at brightok.net
Wed Jan 12 18:03:29 UTC 2011
On 1/12/2011 11:57 AM, Steven Kurylo wrote:
> Some benefit? Yes. Enough benefit to be worth the trouble? I
> personally am not convinced.
>
Some people believe it is. Who am I to tell them how to run their
network? They block facebook and yahoo. I, unfortunately, can't. :)
> Considering the amount of people who mistake the amount of security
> NAT provides, we're probably better off without it to remove that
> false sense of security.
People will then have a false sense of security with stateful firewalls
that perform no better than NAT, just without the address translation.
The type of stateful firewall with or without address translation will
not suddenly make people become wiser and implement better security
policies. Vendors will always make a cheap setup which people will use
and consider themselves secure.
Jack
More information about the NANOG
mailing list