Security Basics mailing list archives
Re: NAT and Web Server Security
From: "Cheryl Goh" <cherylgoh () elock com my>
Date: Fri, 22 Nov 2002 15:28:15 +0800
When NAT is configured at the firewall to allow the public to access a web server, it is a Static NAT which basically tells the firewall to forward all traffic destined to the global address of a web server to the internal address that is unknown to the public. All traffic is passed through and therefore it will not prevent a hacker from penetrating the server. It will however hide the ip addresses of all other internal servers, preventing hackers from accessing those servers directly from the internet. ----- Original Message ----- From: <spato99 () hotmail com> To: <security-basics () securityfocus com> Sent: Tuesday, November 19, 2002 6:27 AM Subject: NAT and Web Server Security
We're about to put a public web server on DMZ sitting behind a Teir 1 firewall and only allow http, ssl to it. We intend to assign a public IP address to this server and no NAT'ing is done on the firewall for this address (NATing done for internal network on Teir 2 firewall). It has been suggested that without NATing, it is possible for a hacker to compromise this server and pretend to be our company... 1) While NAT address some security issues, doesn't this specific risk exist regardless of whether NAT is employed or not? 2) If NAT does help in this case, I'd appreciate comments as to how 3) Is there any good reading material on NAT security - specifically, what it can and can't protect against. The stuff I've read doesn't seem to talk about NAT in this context. Thanks
Current thread:
- NAT and Web Server Security spato99 (Nov 19)
- Re: NAT and Web Server Security Jason Kohles (Nov 21)
- Re: NAT and Web Server Security Cheryl Goh (Nov 25)