Arguing against using public IP space

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Nov 15 18:38:52 UTC 2011


On Tue, 15 Nov 2011 17:16:23 GMT, Leigh Porter said:
> Quite right.. I bet all Iran's nuclear facilities have air gaps but they let
> people in with laptops and USB sticks.

And that's the point - *most* networks have so many bigger issues that the
whole "NAT makes us secure" mantra is dangerous self-delusion.

If you have machines in the NAT area where you're actually concerned that "ZOMG
the firewall might fail and expose them", why aren't they airgapped? As the
Iranians discovered, if the attacker gets a foothold inside the NAT you're
screwed anyhow, and *that* is probably a lot more likely scenario than a
fail-open firewall..


