Educause Security Discussion mailing list archives
Re: Large edu's doing NAT campus wide?
From: Chris Allison <allisoc () MUOHIO EDU>
Date: Sun, 29 Apr 2007 15:05:29 -0400
All, I would be interested in hearing other peoples ideas concerning using a campus wide NAT to provide additional protection. At MU we are looking at adding NAT. The idea would be that the internal address space would not be reachable from outside unless you used VPN or talked to the security guys about setting up a static IP and associated NAT map. As you might imagine, a number of academic types don't like the idea. For the most part, they have not created a convincing argument against. My experience is they don't really come after you until after you pull the switch. With all the devices coming onto campus, one does not have to look far to see we will have addressing problems soon. In fact we are already having point issues and the occurrences are becoming more frequent. We don't yet have experience with campus wide NAT, so I would very much like to know about others and; Joe, Could you send me any responses you received? Thanks, Chris Allison, PMP Miami University On Apr 28, 2007, at 9:40 PM, Randy Marchany wrote:
Doing NAT campus-wide? You need to ask yourself the following questions: 1. What is the purpose of using NAT? a. To hide IP addresses? -Wireless makes it easy to determine the address b. To address running out of IP address space? - could be a good solution c. Protect your systems? - Does NAT really add to protecting a host? Personal FW + border controls seem to be enough. Again, wireless forces you to consider its impact on this strategy. Using NAT for security purposes doesn't really add anything to your defense posture IMHO. Wireless is the weakness. However, using it for extending IP address space might be better but there are probably better solutions around. Just my .02. -Randy Marchany VA Tech IT Security Office/Lab
Current thread:
- Large edu's doing NAT campus wide? Joe St Sauver (Apr 28)
- <Possible follow-ups>
- Re: Large edu's doing NAT campus wide? Scott O. Bradner (Apr 28)
- Re: Large edu's doing NAT campus wide? Randy Marchany (Apr 28)
- Re: Large edu's doing NAT campus wide? Randall C Grimshaw (Apr 29)
- Re: Large edu's doing NAT campus wide? Jeff Murphy (Apr 29)
- Re: Large edu's doing NAT campus wide? Joe St Sauver (Apr 29)
- Re: Large edu's doing NAT campus wide? Chris Allison (Apr 29)
- Re: Large edu's doing NAT campus wide? Kenneth Arnold (Apr 29)
- Re: Large edu's doing NAT campus wide? Russell Fulton (Apr 29)
- Re: Large edu's doing NAT campus wide? Cal Frye (Apr 29)
- Re: Large edu's doing NAT campus wide? Jeff Kell (Apr 29)
- Large edu's doing NAT campus wide? Marcos Vieyra (Apr 30)
- Re: Large edu's doing NAT campus wide? Clifford Collins (Apr 30)
- Re: Large edu's doing NAT campus wide? Justin Azoff (Apr 30)
- Re: Large edu's doing NAT campus wide? Roger Safian (Apr 30)
- Re: Large edu's doing NAT campus wide? Brian Paige (Apr 30)
- Re: Large edu's doing NAT campus wide? John Ladwig (Apr 30)
(Thread continues...)