nanog mailing list archives

Re: Is NAT can provide some kind of protection?

From: Paul Ferguson <fergdawgster () gmail com>
Date: Wed, 12 Jan 2011 11:21:24 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jan 12, 2011 at 11:09 AM, Owen DeLong <owen () delong com> wrote:

No, NAT doesn't provide additional security. The stateful inspection that
NAT cannot operate without provides the security. Take away the
address mangling and the stateful inspection still provides the same
level of security.


There is a least one situation where NAT *does* provide a small amount of
necessary security.

Try this at home, with/without NAT:

1. Buy a new PC with Windows installed
2. Install all security patches needed since the OS was installed

Without NAT, you're unpatched PC will get infected in less than 1 minute.

Cheers,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFNLf8gq1pz9mNUZTMRAjduAJ4w7az13wwn1zsze0DoLTRvOajxxQCgmWMG
ZckeFBpLWyoqG/g9iD2cKIk=
=yYof
-----END PGP SIGNATURE-----



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

Current thread:

Re: Is NAT can provide some kind of protection?, (continued)
- - - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 13)
    - Re: Is NAT can provide some kind of protection? Dobbins, Roland (Jan 13)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 13)
    - Re: Is NAT can provide some kind of protection? William Herrin (Jan 13)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 13)
    - Re: Is NAT can provide some kind of protection? William Herrin (Jan 13)
    - Re: Is NAT can provide some kind of protection? Lamar Owen (Jan 13)
    - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 13)
  - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)
    - Re: Is NAT can provide some kind of protection? Paul Ferguson (Jan 12)
    - Re: Is NAT can provide some kind of protection? Steven Kurylo (Jan 12)
    - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)
    - Re: Is NAT can provide some kind of protection? Scott Helms (Jan 12)
    - Re: Is NAT can provide some kind of protection? Chris Adams (Jan 12)
    - Re: Is NAT can provide some kind of protection? Scott Helms (Jan 12)
    - Re: Is NAT can provide some kind of protection? david raistrick (Jan 12)
    - Re: Is NAT can provide some kind of protection? Jack Bates (Jan 12)
    - Re: Is NAT can provide some kind of protection? Miquel van Smoorenburg (Jan 12)
    - Re: Is NAT can provide some kind of protection? Scott Helms (Jan 12)
    - Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 12)

(Thread continues...)