Block all servers?

Petri Helenius pete at he.iki.fi
Sat Oct 11 17:08:54 UTC 2003


Adam Selene wrote:

>> NAT is more expensive to produce, so it should be an optional
>> premium service, and that seems to be more and more the case.
>
> Not necessarily when you consider the cost (in bandwidth,
> network reliability and support staff) imposed by worms and kiddies
> from other networks scanning your IP space for unsecured machines.

NAT boxes are quite unreliable, especially large ones. If you say "put
100000 small ones instead", that really sounds like a support nightmare.
And you can filter without having NAT.
(A long time ago NAT was thought to be a security mechanism; that has
fortunately mostly died out.)

> That's not even to mention the cost imposed by compromised systems.
> Even if NAT only reduces compromised systems by 20%, that's a
> cost savings.

For the price of a large NAT box, you can buy better security mitigation
products which would allow you to get the wilful spammers, trojaned
machines, etc. which are not saved by your magic box.

> Given that most edge hardware supports NAT, the additional cost
> is nominal.

My operational experience tells quite a different story.

> Getting IP space allocation is not without cost either.

That's nothing compared to the people complaining about their applications
not working because you want to break their packets.

Pete
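The "you can filter without having NAT" point, as an added illustration that is not part of the thread: a minimal stateful edge filter that drops unsolicited inbound probes (the worm-scan traffic Adam mentions) while passing replies to outbound flows and explicitly exposed services, with no address rewriting, so applications still see real end-to-end addresses. All prefixes, ports and the exposed-service list are constructed (RFC 5737 documentation ranges).

```python
from typing import List, Set, Tuple

# A packet as (src_ip, src_port, dst_ip, dst_port). No flags needed for
# this illustration; state is created only by packets leaving the customer.
Packet = Tuple[str, int, str, int]

INSIDE_PREFIX = "198.51.100."             # constructed customer prefix
# Hypothetical: services the customer deliberately exposes (host, port).
ALLOWED_INBOUND: Set[Tuple[str, int]] = {("198.51.100.10", 443)}


class StatefulFilter:
    """Stateful packet filter at the customer edge. It tracks flows that
    originate inside and admits only their return traffic plus listed
    services; addresses and ports are never rewritten (unlike NAT)."""

    def __init__(self) -> None:
        self.flows: Set[Packet] = set()   # flows seen leaving the inside

    def decide(self, pkt: Packet) -> str:
        src, sport, dst, dport = pkt
        if src.startswith(INSIDE_PREFIX):
            # Outbound: remember the 4-tuple so the reply can come back.
            self.flows.add(pkt)
            return "accept"
        # Inbound reply to a tracked flow: the reverse 4-tuple must exist.
        if (dst, dport, src, sport) in self.flows:
            return "accept"
        # Inbound to a service the customer chose to expose.
        if (dst, dport) in ALLOWED_INBOUND:
            return "accept"
        # Everything else inbound (e.g. a worm scanning for port 445) is dropped.
        return "drop"


def run_trace(packets: List[Packet]) -> List[str]:
    """Apply one filter instance to a packet sequence; return the verdicts."""
    flt = StatefulFilter()
    return [flt.decide(p) for p in packets]


# Constructed trace: scan probe, outbound web request and its reply,
# a hit on the exposed HTTPS server, and a probe at a non-exposed port.
SAMPLE_TRACE: List[Packet] = [
    ("203.0.113.7", 51000, "198.51.100.20", 445),   # worm probe -> drop
    ("198.51.100.20", 40000, "192.0.2.80", 80),     # outbound -> accept
    ("192.0.2.80", 80, "198.51.100.20", 40000),     # reply -> accept
    ("203.0.113.7", 51001, "198.51.100.10", 443),   # exposed svc -> accept
    ("203.0.113.7", 51002, "198.51.100.10", 22),    # not exposed -> drop
]
```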