Is NAT can provide some kind of protection?

Owen DeLong owen at delong.com
Wed Jan 12 19:57:34 UTC 2011


On Jan 12, 2011, at 11:21 AM, Paul Ferguson wrote:

> On Wed, Jan 12, 2011 at 11:09 AM, Owen DeLong <owen at delong.com> wrote:
> 
>> No, NAT doesn't provide additional security. The stateful inspection that
>> NAT cannot operate without provides the security. Take away the
>> address mangling and the stateful inspection still provides the same
>> level of security.
>> 
> 
> There is at least one situation where NAT *does* provide a small amount of
> necessary security.
> 
> Try this at home, with/without NAT:
> 
> 1. Buy a new PC with Windows installed
> 2. Install all security patches needed since the OS was installed
> 
> Without NAT, your unpatched PC will get infected in less than 1 minute.
> 
Wrong.

Repeat the experiment with stateful firewall with default inbound deny and no NAT.

Yep... Same results as NAT.

NAT != security. Stateful inspection = some security.

Next!!

Owen
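
Added example, not part of the original post: a minimal Python model of the experiment described above, comparing a stateful gateway with default inbound deny with and without address translation. The Gateway class, the experiment function, and all addresses and ports (RFC 5737 documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed address (RFC 5737 documentation range)

@dataclass
class Gateway:
    """Edge device with connection tracking and default inbound deny.

    Assumption: filtering matches the full reply tuple (address and port).
    """
    nat: bool                                   # True: also rewrite source (NAPT)
    state: dict = field(default_factory=dict)   # expected reply tuple -> inside socket
    ports: dict = field(default_factory=dict)   # inside socket -> public port (NAT only)
    next_port: int = 40000

    def outbound(self, proto, src, sport, dst, dport):
        """Inside host sends a packet: record the flow, return the packet on the wire."""
        wire_src, wire_sport = src, sport
        if self.nat:
            key = (proto, src, sport)
            if key not in self.ports:
                self.ports[key] = self.next_port
                self.next_port += 1
            wire_src, wire_sport = PUBLIC_IP, self.ports[key]
        self.state[(proto, dst, dport, wire_src, wire_sport)] = (src, sport)
        return (proto, wire_src, wire_sport, dst, dport)

    def inbound(self, proto, src, sport, dst, dport):
        """Packet from outside: return the inside socket, or None (dropped)."""
        return self.state.get((proto, src, sport, dst, dport))

def experiment(nat):
    """New PC fetches patches over HTTPS while an outside host probes it."""
    pc = "192.168.1.10" if nat else "198.51.100.10"
    gw = Gateway(nat=nat)
    _, seen_ip, seen_port, _, _ = gw.outbound("tcp", pc, 50000, "192.0.2.80", 443)
    return {
        # Reply from the patch server the PC contacted
        "reply_delivered": gw.inbound("tcp", "192.0.2.80", 443, seen_ip, seen_port) == (pc, 50000),
        # Unsolicited connection attempt to a listening service port
        "probe_delivered": gw.inbound("tcp", "192.0.2.66", 31337, seen_ip, 445) is not None,
        # Unrelated host aiming at the port the PC's flow is using
        "stranger_delivered": gw.inbound("tcp", "192.0.2.66", 443, seen_ip, seen_port) is not None,
    }

if __name__ == "__main__":
    for nat in (False, True):
        print("NAT" if nat else "no NAT", experiment(nat))
```

In both modes the accept/drop decision comes from the state-table lookup in inbound(); the NAT branch only changes which address and port the outside world sees.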





More information about the NANOG mailing list