Re: [fw-wiz] NAT Pseudo Security
From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 05/05/04
- Previous message: Rogan Dawes: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
- In reply to: salgak_at_speakeasy.net: "Re: [fw-wiz] NAT Pseudo Security"
- Next in thread: Melson, Paul: "RE: [fw-wiz] NAT Pseudo Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: salgak@speakeasy.net Date: Wed, 5 May 2004 12:19:25 -0400 (EDT)
one of the main tenents of security is the approach of layering in
security, not relying upon just one application/package/approach, as
security is a wedge or afterthought addon, it was not and remains not
something built into tcp/ip. Thus, relying upon one method or layer of
'protection' might not fully protect the assets at risk. NAT iis but one
method or layer, and should be reinforced with additional measures to
protect the assets being guarded. Also, NAT alone will not protect your
neighbors should your systems get trojaned or hit with the latest flurry
of nasty-mail viruses floating about.
Thanks,
Ron DuFresne
On Tue, 4 May 2004 salgak@speakeasy.net wrote:
> > -----Original Message-----
> > From: Lee T. Christie [mailto:Lee.Christie@mosaicinfo.org]
> > Sent: Tuesday, May 4, 2004 02:25 PM
> > To: firewall-wizards@honor.icsalabs.com
> > Subject: [fw-wiz] NAT Pseudo Security
> >
> > I was wondering what everyone's thoughts were utilizing NAT as your only
> > security mechanism, for protection from the Internet. I realize that NAT was
> > not designed for security purposes. For instance, if network A is connecting
> > to the Internet behind a router performing NAT, no incoming address or port
> > forwarding, what are my risks, from outside hosts? The way I see it by
> > implementing a SOHO firewall I gain a) Ingress and Egress packet control b)
> > Statefull inspection or proxy inspection c) A potentially hardened OS on the
> > unit d) Logging and Reporting e) Secure management
>
> In my year at a dot-com, I came in to find NAT was being used as a firewall. I fixed THAT shortly after I took over as admin. I also replaced Symantec with SOPHOS, as our subscription was ending and at the time, an auto-update function of Symantec corporate had the nasty habit of crashing our domain controller. . . .
>
> ANY firewall is better than NO firewall, period. . .
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Rogan Dawes: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
- In reply to: salgak_at_speakeasy.net: "Re: [fw-wiz] NAT Pseudo Security"
- Next in thread: Melson, Paul: "RE: [fw-wiz] NAT Pseudo Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
