RE: [fw-wiz] NAT Pseudo Security

From: Frank Knobbe (frank_at_knobbe.us)
Date: 05/05/04

  • Next message: Vin McLellan: "Re: [fw-wiz] Obtaining a US Govt Security Clearance"
    To: Ben Nagy <ben@iagu.net>
    Date: Wed, 05 May 2004 15:24:15 -0500
    
    
    

    On Wed, 2004-05-05 at 02:49, Ben Nagy wrote:
    > Here are Paul, Mike and I rehashing the saaaame argument in 2002, two years
    > after the thread Mike notes - even with a déjà vu reference to the older
    > thread. Irony. :/

    Hey Ben,

    I prefer people pull out old topics and discuss them fresh from time to
    time. While a FAQ is useful for guiding those that seek knowledge, I
    think it's very important that we periodically review those things that
    we hammered in stone a few years ago. The chances that we see it in a
    different light, or have new thoughts on it, are well worth the
    rehashing.

    What was fascinating about this post was that the OP asked if NAT is
    enough of a security measure, but then began to describe what sounded
    like a firewall. Apparently there was a disconnect between the concepts
    of NAT (as in plain-dumb-router-style NAT) and a product that does NAT
    (like a SOHO firewall). At least that's what how it appeared to me just
    before I hit CTRL-D. Perhaps I misread the post.

    Anyhow, let's not complain if someone brings up old topics, but take a
    minute to look at it again, and either nod approvingly or go "hey,
    here's a new thought". Remember, the risks of TCP resets were discussed
    decades ago, and we just now got around to improving router security.
    :)

    Cheers,
    Frank

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



  • Next message: Vin McLellan: "Re: [fw-wiz] Obtaining a US Govt Security Clearance"

    Relevant Pages

    • Re: 2 LANS on 1 DSL
      ... > I'm playing around with aliasing and checking out the different NAT ... Packet filters rules can be applied to the aliased nets. ... Mike ...
      (comp.security.firewalls)
    • Re: DNS for Idiots...
      ... > NAT addresses, but are mainly for public use. ... > AD domain & it's own dns server, so I'm not sure why we'd ... Mike did my post not make it to your news server? ...
      (microsoft.public.win2000.dns)
    • Re: bridging multiple interfaces
      ... ext Manuel Rabade (MiG) wrote: ... I'm using the NAT on the ADSL router, because that's the only public IP ...
      (freebsd-questions)
    • Re: ADSL connection dropping randomly
      ... Mike> block. ... Note that I avoid your ... Mike> of a router should be put up against the wall and shot. ... Once again, NAT!= security, and a device behind NAT is still exposed to a ...
      (comp.security.ssh)