nanog mailing list archives

Re: Is NAT can provide some kind of protection?

From: Loránd Jakab <ljakab () ac upc edu>
Date: Wed, 12 Jan 2011 16:01:15 +0100

On 01/12/2011 02:59 PM, Nick Hilliard wrote:

On 21/03/2007 09:41, Tarig Ahmed wrote:

Is it true that NAT can provide more security?


No.

[snip]

Your security guy will probably say that a private IP address will
give better protection because it's not reachable on the internet. 
But the reality is if you have 1:1 NAT to a server port, then you have
reachability and his argument becomes substantially invalid.


This setup will provide *less* security. Apart from the DoS scenario,
should your public facing server get compromised, you have given easy
access to your private infrastructure.

-Lorand Jakab

Current thread:

Is NAT can provide some kind of protection? Tarig Ahmed (Jan 12)
- Re: Is NAT can provide some kind of protection? Nick Hilliard (Jan 12)
  - Re: Is NAT can provide some kind of protection? Tarig Ahmed (Jan 12)
    - Re: Is NAT can provide some kind of protection? ML (Jan 12)
    - Re: Is NAT can provide some kind of protection? Greg Ihnen (Jan 12)
  - Re: Is NAT can provide some kind of protection? Loránd Jakab (Jan 12)
    - Re: Is NAT can provide some kind of protection? Valdis . Kletnieks (Jan 12)
- RE: Is NAT can provide some kind of protection? George Bonser (Jan 12)
  - Re: Is NAT can provide some kind of protection? Fernando Gont (Jan 12)
    - RE: Is NAT can provide some kind of protection? George Bonser (Jan 12)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 12)
    - RE: Is NAT can provide some kind of protection? George Bonser (Jan 12)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 12)
    - Re: Is NAT can provide some kind of protection? Steven Kurylo (Jan 12)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 12)
    - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)

(Thread continues...)