Re: NAT Pseudo Security

[salgak () speakeasy net]

> -----Original Message-----
> From: Lee T. Christie [mailto:Lee.Christie () mosaicinfo org]
> Sent: Tuesday, May 4, 2004 02:25 PM
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] NAT Pseudo Security
>
> I was wondering what everyone's thoughts were utilizing NAT as your only
> security mechanism, for protection from the Internet.  I realize that NAT was
> not designed for security purposes.  For instance, if network A is connecting
> to the Internet behind a router performing NAT, no incoming address or port
> forwarding, what are my risks, from outside hosts?  The way I see it by
> implementing a SOHO firewall I gain a) Ingress and Egress packet control b)
> Statefull inspection or proxy inspection c) A potentially hardened OS on the
> unit d) Logging and Reporting e) Secure management

In my year at a dot-com, I came in to find NAT was being used as a firewall.  I fixed THAT shortly after I took over as 
admin.  I also replaced Symantec with SOPHOS, as our subscription was ending and at the time, an auto-update function 
of Symantec corporate had the nasty habit of crashing our domain controller. . . .

ANY firewall is better than NO firewall, period. . .


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards