RE: NAT external/Public IP

[Jason Alexander <jalexander () plus net>]

Looks like a requirement?

<snip>1.5 Implement IP masquerading to prevent internal addresses from being translated and revealed on the Internet. 
Use technologies that implement RFC 1918 address space, such as port address translation (PAT) or network address 
translation (NAT).<snip>

-----Original Message-----
From: Eric Furman [mailto:ericfurman () fastmail net] 
Sent: 25 October 2007 18:13
To: Jason Alexander; Security Basics
Subject: RE: NAT external/Public IP

> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com]
> On Behalf Of Ansgar -59cobalt- Wiechers
> Sent: 25 October 2007 15:49
> To: security-basics () securityfocus com
> Subject: Re: NAT external/Public IP
>
> On 2007-10-25 crazy frog crazy frog wrote:
> > On 24 Oct 2007 15:46:21 -0000, smarts_buy () yahoo com wrote:
> > > Would like know is ther any security concern to bring in 
> > > external/public IP with out NAT to inside of the enterprise network.
> > > Is it any way more secure if we use NAT?
> [...]
> > 2)If you allow lots of machine to direct access the internet with 
> > external ip they may pose a security risk.
>
> How would that pose a risk that would not exist with NAT'ed machines?

On Thu, 25 Oct 2007 16:28:13 +0100, "Jason Alexander"
<jalexander () plus net> said:
>  If its not a security risk then why is it a PCI requirement?

If you are talking about Payment Card Industry (PCI) Data Security Standard, there isn't one for NAT.