RE: [fw-wiz] NAT Pseudo Security

From: Frank Knobbe (frank_at_knobbe.us)
Date: 05/05/04

  • Next message: Vin McLellan: "Re: [fw-wiz] Obtaining a US Govt Security Clearance"
    To: Ben Nagy <ben@iagu.net>
    Date: Wed, 05 May 2004 15:24:15 -0500
    
    
    

    On Wed, 2004-05-05 at 02:49, Ben Nagy wrote:
    > Here are Paul, Mike and I rehashing the saaaame argument in 2002, two years
    > after the thread Mike notes - even with a déjà vu reference to the older
    > thread. Irony. :/

    Hey Ben,

    I prefer people pull out old topics and discuss them fresh from time to
    time. While a FAQ is useful for guiding those that seek knowledge, I
    think it's very important that we periodically review those things that
    we hammered in stone a few years ago. The chances that we see it in a
    different light, or have new thoughts on it, are well worth the
    rehashing.

    What was fascinating about this post was that the OP asked if NAT is
    enough of a security measure, but then began to describe what sounded
    like a firewall. Apparently there was a disconnect between the concepts
    of NAT (as in plain-dumb-router-style NAT) and a product that does NAT
    (like a SOHO firewall). At least that's what how it appeared to me just
    before I hit CTRL-D. Perhaps I misread the post.

    Anyhow, let's not complain if someone brings up old topics, but take a
    minute to look at it again, and either nod approvingly or go "hey,
    here's a new thought". Remember, the risks of TCP resets were discussed
    decades ago, and we just now got around to improving router security.
    :)

    Cheers,
    Frank

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



  • Next message: Vin McLellan: "Re: [fw-wiz] Obtaining a US Govt Security Clearance"