nanog mailing list archives
Re: Have they stopped teaching Defense in Depth?
From: William Herrin <bill () herrin us>
Date: Wed, 16 Nov 2011 11:43:54 -0500
On Wed, Nov 16, 2011 at 11:11 AM, Owen DeLong <owen () delong com> wrote:
> On Nov 15, 2011, at 2:01 PM, William Herrin wrote:
>> On Tue, Nov 15, 2011 at 4:50 PM, Mark Andrews <marka () isc org> wrote:
>>> If you want to use unroutable addresses then use a bastion host / proxy.
>> What is a modern NAT but a bastion host proxy for which application compatibility has been maximized?
> It is a mechanism for header mutilation which creates additional costs in hardware (cost of routers), software (development of NAT traversal code in various applications, NAT software in some cases), security (NAT obfuscates audit trails and increases the difficulty and cost of event correlation, forensics, abuser identification, and attack source identification and mitigation, etc.).
In other words, all of the things a proxy does but without sacrificing as many applications.
-Bill
--
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004