Security Basics mailing list archives
RE: NAT external/Public IP
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Thu, 25 Oct 2007 11:52:52 -0500
It doesn't tell you that you must use NAT. It tells you to properly secure your internal address space SUCH AS PAT or NAT.

"1.5 Implement IP masquerading to prevent internal addresses from being translated and revealed on the internet. Use technologies that implement RFC 1918 address space, such as port address translation (PAT) or network address translation (NAT)."

NAT doesn't make much of a difference in how secure a public IP is. As long as the host is properly secured it should be no different than hosting a DMZ.

Nick Vaernhoej
"Quidquid latine dictum sit, altum sonatur."

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jason Alexander
Sent: Thursday, October 25, 2007 10:28 AM
To: security-basics () securityfocus com
Subject: RE: NAT external/Public IP

If it's not a security risk then why is it a PCI requirement?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ansgar -59cobalt- Wiechers
Sent: 25 October 2007 15:49
To: security-basics () securityfocus com
Subject: Re: NAT external/Public IP

On 2007-10-25 crazy frog crazy frog wrote:
On 24 Oct 2007 15:46:21 -0000, smarts_buy () yahoo com wrote:
Would like to know is there any security concern to bring in external/public IP without NAT to inside of the enterprise network. Is it any way more secure if we use NAT?
[...]
2) If you allow lots of machines to directly access the internet with external IP they may pose a security risk.
How would that pose a risk that would not exist with NAT'ed machines?

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq
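
An added example, not part of the original thread: one way to check the goal of the quoted requirement 1.5, that internal RFC 1918 addresses are not revealed, by scanning text that outside parties can see (mail or HTTP headers). The header lines are constructed samples and the function names are illustrative.

```python
import ipaddress
import re

# The three RFC 1918 blocks. ipaddress.is_private is broader (loopback,
# link-local, documentation ranges, ...), so the blocks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Exactly four dot-separated groups, not embedded in a longer dotted number.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def rfc1918_leaks(text):
    """Return the sorted, unique RFC 1918 addresses that appear in text."""
    found = set()
    for token in IPV4_CANDIDATE.findall(text):
        try:
            addr = ipaddress.IPv4Address(token)
        except ipaddress.AddressValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
        if any(addr in net for net in RFC1918):
            found.add(addr)
    return [str(a) for a in sorted(found)]

def audit(lines):
    """Map each line that reveals an internal address to the addresses found."""
    report = {}
    for line in lines:
        leaks = rfc1918_leaks(line)
        if leaks:
            report[line] = leaks
    return report

# Constructed sample: header lines as an outside party would receive them.
SAMPLE = [
    "Received: from mail01.corp.example (mail01 [10.20.30.40]) by mx.example.net",
    "Received: from gw.example.net ([203.0.113.7]) by mx.example.org",
    "X-Forwarded-For: 192.168.1.15, 198.51.100.23",
    "Via: 1.1 proxy.corp.example (172.31.255.254:3128)",
    "Server: ExampleHTTPd/10.0.0.1.5",   # version string, not an address
    "X-Backend: 172.32.0.9",             # just outside 172.16.0.0/12
]

if __name__ == "__main__":
    for line, leaks in audit(SAMPLE).items():
        print(f"{', '.join(leaks)}  <-  {line}")
```

A clean result only shows that addresses are not leaking through the inspected text; it says nothing about whether the hosts behind the translation are filtered or hardened, which is the point the replies above argue about.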