[134944] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Justin Scott)
Thu Jan 13 00:03:31 2011
In-Reply-To: <2FAD474E-E339-46B3-9A46-7561DB518CCB@arbor.net>
Date: Thu, 13 Jan 2011 00:02:36 -0500
From: Justin Scott <leviathan@darktech.org>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Unfortunately there are some sets of requirements which require this
type of configuration. The PCI-DSS comes to mind for those who deal
with credit card transactions.
-Justin
On Wednesday, January 12, 2011, Dobbins, Roland <rdobbins@arbor.net> wrote:
>
> On Mar 21, 2007, at 5:41 AM, Tarig Ahmed wrote:
>
>> Security guy told me is not correct to assign public ip to a server, it =
should have private ip for security reasons.
>
> He's wrong.
>
>> Is it true that NAT can provide more security?
>
>
> No, it makes things worse from an availability perspective. =A0Servers sh=
ould never be NATted or placed behind a stateful firewall.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
>
> =A0 =A0 =A0 =A0 =A0 =A0 Sell your computer and buy a guitar.
>
>
>
>
>
