Is NAT can provide some kind of protection?

Jack Bates jbates at brightok.net
Wed Jan 12 12:03:29 CST 2011


On 1/12/2011 11:57 AM, Steven Kurylo wrote:

> Some benefit?  Yes.  Enough benefit to be worth the trouble?  I
> personally am not convinced.
>

Some people believe it is. Who am I to tell them how to run their 
network? They block facebook and yahoo. I, unfortunately, can't. :)

> Considering the amount of people who mistake the amount of security
> NAT provides, we're probably better off without it to remove that
> false sense of security.

People will then have a false sense of security with stateful firewalls 
that perform no better than NAT, just without the address translation. 
The type of stateful firewall with or without address translation will 
not suddenly make people become wiser and implement better security 
policies. Vendors will always make a cheap setup which people will use 
and consider themselves secure.

Jack




More information about the NANOG mailing list