[Dshield] NAT: Secure?

Neil G. Lovering nlovering at nle-inc.com
Wed Aug 27 16:10:24 GMT 2003


That was kinda/sorta my point.  NAT is a good start.  PAT (multiple
internal IPs to one external IP) is better.  But it still leaves holes
(as others have pointed out).  Something that does stateful inspection
(i.e., firewall) gives the added protection.  The problem is that vendors
have merged the terms together in their products, so the average
consumer might not know what he/she is really getting.

Neil



-----Original Message-----
From: Alan Frayer [mailto:afrayer at frayernet.com] 
Sent: Wednesday, August 27, 2003 11:51 AM
To: General DShield Discussion List
Subject: RE: [Dshield] NAT: Secure?

That's the way I understand it, too, and while it SOUNDS good that the
intruder needs to know the real destination, we've seen many ways around
this. I'm wondering if NAT is enough for the home network any longer.

On Wed, 2003-08-27 at 09:37, Neil G. Lovering wrote:
> NAT provides a whole lot more security than, say, connecting a PC
> directly to a cable modem.  With NAT, you can have multiple devices use
> the same public IP address.  Someone on the outside would have to know
> the public IP address and port used to get back to the initial machine.
> 
> Now, with that said, NAT is certainly not the final straw for security.
> It's just a start.  NAT is only one tool that a firewall can use to
> protect those on the inside.  However, a true firewall will also look
> deeper into the packets coming through.  A simple NAT device would not
> normally do this.
> 
> Hope this helps.
> 
> Neil
> 


________________________________________________________________________
Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region
If you would like to discuss an opportunity with me, please e-mail.

