nanog mailing list archives

Re: Addressing plan exercise for our IPv6 course

From: Jens Link <lists () quux de>
Date: Fri, 23 Jul 2010 11:50:02 +0200

Owen DeLong <owen () delong com> writes:

In all reality:

1.    NAT has nothing to do with security. Stateful inspection provides
      security, NAT just mangles addresses.


You know that, I know that and (hopefully) all people on this list know
that. But NAT == security was and still is sold by many people.

Most customers don't know or care what NAT is and wouldn't know the
difference between a NAT firewall and a stateful inspection firewall.


I Agree. But there are also many people who want to believe in NAT as
security feature.

After one of my talks about IPv6 the firewall admins of a company said
something like: "So we can't use NAT as an excuse anymore and have to
configure firewall rules? We don't want this."

cheers

Jens
-- 
-------------------------------------------------------------------------
| Foelderichstr. 40   | 13595 Berlin, Germany    | +49-151-18721264     |
| http://blog.quux.de | jabber: jenslink () guug de | -------------------  | 
-------------------------------------------------------------------------

Current thread:

Re: Addressing plan exercise for our IPv6 course, (continued)
- - Re: Addressing plan exercise for our IPv6 course Antonio M. Moreiras (Jul 21)
    - Re: Addressing plan exercise for our IPv6 course Alex Band (Jul 22)
    - Re: Addressing plan exercise for our IPv6 course Matthew Walster (Jul 22)
    - Re: Addressing plan exercise for our IPv6 course Valdis . Kletnieks (Jul 22)
    - Re: Addressing plan exercise for our IPv6 course Matthew Kaufman (Jul 22)
    - Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 22)
    - Re: Addressing plan exercise for our IPv6 course Akyol, Bora A (Jul 22)
    - Re: Addressing plan exercise for our IPv6 course Mark Smith (Jul 22)
    - RE: Addressing plan exercise for our IPv6 course Frank Bulk - iName.com (Jul 22)
    - Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 22)
    - Re: Addressing plan exercise for our IPv6 course Jens Link (Jul 23)
    - Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 23)
    - Re: Addressing plan exercise for our IPv6 course Jens Link (Jul 25)
    - Re: Addressing plan exercise for our IPv6 course Matthew Palmer (Jul 25)
    - Re: Addressing plan exercise for our IPv6 course Akyol, Bora A (Jul 27)
    - Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 27)
    - Re: Addressing plan exercise for our IPv6 course Mark Smith (Jul 29)
    - Re: Addressing plan exercise for our IPv6 course Tim Franklin (Jul 29)
    - Re: Addressing plan exercise for our IPv6 course Valdis . Kletnieks (Jul 24)
    - Re: Addressing plan exercise for our IPv6 course Saku Ytti (Jul 24)
    - Re: Addressing plan exercise for our IPv6 course Owen DeLong (Jul 24)

(Thread continues...)