[36546] in North American Network Operators' Group
RE: Getting a "portable" /19 or /20
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Tue Apr 10 16:29:17 2001
Message-ID: <9DC8BBAD4FF100408FC7D18D1F092286039E3E@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Greg Maxwell' <gmaxwell@martin.fl.us>,
Stephen Sprunk <stephen@sprunk.org>
Cc: "Eric A. Hall" <ehall@ehsco.com>,
Roeland Meyer <rmeyer@mhsc.com>,
North American Noise and Off-topic Gripes <nanog@merit.edu>
Date: Tue, 10 Apr 2001 13:22:22 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: Greg Maxwell [mailto:gmaxwell@martin.fl.us]
> Sent: Tuesday, April 10, 2001 12:46 PM
>
> On Tue, 10 Apr 2001, Stephen Sprunk wrote:
> > There's also a general perception that NAT increases security; some
> > "security" companies go so far as to say NAT removes the need for a
> > firewall. It's amazing how many network admins believe this.
>
> Some also say that firewalls/nats remove the need to secure
> your systems.
They would also be wrong. Picture one user, with a wireless port or
direct-dial modem, also attached to your internal LAN. NAT or no NAT, FW or
no FW, your data is toast unless you trust them explicitly. This includes
100% of your internal users.
FALLACY:
NAT, Firewalls, and bastion-hosts, make your LAN secure.
