[134621] in North American Network Operators' Group
Re: IPv6 - real vs theoretical problems
daemon@ATHENA.MIT.EDU (William Herrin)
Fri Jan 7 21:49:44 2011
In-Reply-To: <8D806878-5D6E-4ABB-BDD9-9E6A58F33D77@arbor.net>
From: William Herrin <bill@herrin.us>
Date: Fri, 7 Jan 2011 21:49:15 -0500
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: Nanog Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Jan 7, 2011 at 9:00 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:
> On Jan 8, 2011, at 8:54 AM, William Herrin wrote:
>> I presume you don't intend us to conclude that a bastion
>> host firewall provides no security benefit to the equipment it
>> protects.
>
> If it's protecting workstations, yes, it has some positive security value=
- but not due to NAT.
Hi Roland,
I see. Would I misstate your view if I characterized it as:
"A bastion host firewall which simulates identical IP addresses on
both sides provides at least as effective security as an otherwise
identical firewall which does not."
Regards,
Bill Herrin
--=20
William D. Herrin ................ herrin@dirtside.com=A0 bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
