nanog mailing list archives

Re: Have they stopped teaching Defense in Depth?


From: William Herrin <bill () herrin us>
Date: Wed, 16 Nov 2011 11:43:54 -0500

On Wed, Nov 16, 2011 at 11:11 AM, Owen DeLong <owen () delong com> wrote:
> On Nov 15, 2011, at 2:01 PM, William Herrin wrote:
>> On Tue, Nov 15, 2011 at 4:50 PM, Mark Andrews <marka () isc org> wrote:
>>> If you want to use unroutable addresses then use a bastion host /
>>> proxy.
>>
>> What is a modern NAT but a bastion host proxy for which application
>> compatibility has been maximized?
>
> It is a mechanism for header mutilation which creates additional costs
> in hardware (cost of routers), software (development of NAT traversal
> code in various applications, NAT software in some cases), security
> (NAT obfuscates audit trails and increases the difficulty and cost of
> event correlation, forensics, abuser identification, and attack source
> identification and mitigation, etc.).

In other words, all of the things a proxy does but without sacrificing
as many applications.

-Bill



-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
