[134864] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Jan 12 14:21:31 2011
In-Reply-To: <21ADBBE3-8A9C-4EC1-BAE3-1997925E6826@delong.com>
Date: Wed, 12 Jan 2011 11:21:24 -0800
From: Paul Ferguson <fergdawgster@gmail.com>
To: Owen DeLong <owen@delong.com>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Jan 12, 2011 at 11:09 AM, Owen DeLong <owen@delong.com> wrote:
> No, NAT doesn't provide additional security. The stateful inspection that
> NAT cannot operate without provides the security. Take away the
> address mangling and the stateful inspection still provides the same
> level of security.
>
There is a least one situation where NAT *does* provide a small amount of
necessary security.
Try this at home, with/without NAT:
1. Buy a new PC with Windows installed
2. Install all security patches needed since the OS was installed
Without NAT, you're unpatched PC will get infected in less than 1 minute.
Cheers,
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)
wj8DBQFNLf8gq1pz9mNUZTMRAjduAJ4w7az13wwn1zsze0DoLTRvOajxxQCgmWMG
ZckeFBpLWyoqG/g9iD2cKIk=3D
=3DyYof
-----END PGP SIGNATURE-----
--=20
"Fergie", a.k.a. Paul Ferguson
=A0Engineering Architecture for the Internet
=A0fergdawgster(at)gmail.com
=A0ferg's tech blog: http://fergdawg.blogspot.com/
