Educause Security Discussion mailing list archives

Re: Large edu's doing NAT campus wide?


From: Randy Marchany <marchany () CANDI2 CIRT VT EDU>
Date: Sat, 28 Apr 2007 21:40:16 -0400

Doing NAT campus-wide?

You need to ask yourself the following questions:

1. What is the purpose of using NAT?
        a. To hide IP addresses?
                - Wireless makes it easy to determine the address
        b. To address running out of IP address space?
                - could be a good solution
        c. Protect your systems?
                - Does NAT really add to protecting a host? Personal FW +
                  border controls seem to be enough. Again, wireless
                  forces you to consider its impact on this strategy.

Using NAT for security purposes doesn't really add anything to your defense
posture, IMHO. Wireless is the weakness. However, using it for extending IP
address space might be better, but there are probably better solutions around.

Just my .02.

        -Randy Marchany
        VA Tech IT Security Office/Lab
