RE: [fw-wiz] NAT Pseudo Security
From: Frank Knobbe (frank_at_knobbe.us)
Date: 05/05/04
- Previous message: Patrick M. Hausen: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
- In reply to: Ben Nagy: "RE: [fw-wiz] NAT Pseudo Security"
- Next in thread: Paul D. Robertson: "RE: [fw-wiz] NAT Pseudo Security"
- Reply: Paul D. Robertson: "RE: [fw-wiz] NAT Pseudo Security"
- Reply: David Lang: "RE: [fw-wiz] NAT Pseudo Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Ben Nagy <ben@iagu.net> Date: Wed, 05 May 2004 15:24:15 -0500
On Wed, 2004-05-05 at 02:49, Ben Nagy wrote:
> Here are Paul, Mike and I rehashing the saaaame argument in 2002, two years
> after the thread Mike notes - even with a déjà vu reference to the older
> thread. Irony. :/
Hey Ben,
I prefer people pull out old topics and discuss them fresh from time to
time. While a FAQ is useful for guiding those that seek knowledge, I
think it's very important that we periodically review those things that
we hammered in stone a few years ago. The chances that we see it in a
different light, or have new thoughts on it, are well worth the
rehashing.
What was fascinating about this post was that the OP asked if NAT is
enough of a security measure, but then began to describe what sounded
like a firewall. Apparently there was a disconnect between the concepts
of NAT (as in plain-dumb-router-style NAT) and a product that does NAT
(like a SOHO firewall). At least that's what how it appeared to me just
before I hit CTRL-D. Perhaps I misread the post.
Anyhow, let's not complain if someone brings up old topics, but take a
minute to look at it again, and either nod approvingly or go "hey,
here's a new thought". Remember, the risks of TCP resets were discussed
decades ago, and we just now got around to improving router security.
:)
Cheers,
Frank
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- application/pgp-signature attachment: This is a digitally signed message part
- Previous message: Patrick M. Hausen: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
- In reply to: Ben Nagy: "RE: [fw-wiz] NAT Pseudo Security"
- Next in thread: Paul D. Robertson: "RE: [fw-wiz] NAT Pseudo Security"
- Reply: Paul D. Robertson: "RE: [fw-wiz] NAT Pseudo Security"
- Reply: David Lang: "RE: [fw-wiz] NAT Pseudo Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
