Firewall Wizards mailing list archives
Re: NAT Pseudo Security
From: salgak () speakeasy net
Date: Tue, 04 May 2004 14:57:13 +0000
-----Original Message----- From: Lee T. Christie [mailto:Lee.Christie () mosaicinfo org] Sent: Tuesday, May 4, 2004 02:25 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] NAT Pseudo Security I was wondering what everyone's thoughts were utilizing NAT as your only security mechanism, for protection from the Internet. I realize that NAT was not designed for security purposes. For instance, if network A is connecting to the Internet behind a router performing NAT, no incoming address or port forwarding, what are my risks, from outside hosts? The way I see it by implementing a SOHO firewall I gain a) Ingress and Egress packet control b) Statefull inspection or proxy inspection c) A potentially hardened OS on the unit d) Logging and Reporting e) Secure management
In my year at a dot-com, I came in to find NAT was being used as a firewall. I fixed THAT shortly after I took over as admin. I also replaced Symantec with SOPHOS, as our subscription was ending and at the time, an auto-update function of Symantec corporate had the nasty habit of crashing our domain controller. . . . ANY firewall is better than NO firewall, period. . . _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NAT Pseudo Security Lee T. Christie (May 04)
- Re: NAT Pseudo Security Srini (May 04)
- Re: NAT Pseudo Security Mikael Olsson (May 04)
- RE: NAT Pseudo Security Ben Nagy (May 05)
- RE: NAT Pseudo Security Paul D. Robertson (May 05)
- RE: NAT Pseudo Security Frank Knobbe (May 05)
- RE: NAT Pseudo Security Paul D. Robertson (May 05)
- RE: NAT Pseudo Security David Lang (May 06)
- RE: NAT Pseudo Security Ben Nagy (May 05)
- <Possible follow-ups>
- Re: NAT Pseudo Security salgak (May 04)
- VPN testing utility lordchariot (May 04)
- Re: NAT Pseudo Security R. DuFresne (May 05)
- RE: NAT Pseudo Security Melson, Paul (May 04)
- RE: NAT Pseudo Security Sloane, David (May 04)
- RE: NAT Pseudo Security Chris Carlson (May 04)
- RE: NAT Pseudo Security Daniel Chemko (May 06)
- RE: NAT Pseudo Security David Lang (May 06)
- RE: NAT Pseudo Security Melson, Paul (May 06)