[134968] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (William Herrin)
Thu Jan 13 12:58:15 2011
In-Reply-To: <25C8C42F-7545-484B-BA79-E788915BAD33@arbor.net>
From: William Herrin <bill@herrin.us>
Date: Thu, 13 Jan 2011 12:56:58 -0500
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: "nanog@nanog.orglist" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Jan 13, 2011 at 11:54 AM, Dobbins, Roland <rdobbins@arbor.net> wrot=
e:
> On Jan 13, 2011, at 9:59 AM, Jack Bates wrote:
>> The proxy capabilities of the firewall are additional security
>> measures on top of the NAT (and definitely should be
>> deployed for their higher security value).
>
> Not in front of servers, they shouldn't - because they have a negative se=
curity value in that context.
So all the folks who use reverse proxies like an http accellerator are wron=
g?
--=20
William D. Herrin ................ herrin@dirtside.com=A0 bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
