It is a complete fallacy that NAT provides any sort of security. It does
no such thing. Security is provide by a firewall, and (more importantly)
by strong security policies that are policed and enforced.
----- Original Message -----
From: Leonid Yegoshin <egoshin(_at_)genesyslab(_dot_)com>
Newsgroups: cisco.external.ietf
Sent: Tuesday, April 25, 2000 10:11 PM
Subject: Re: NAT->IPv6
From: John Stracke <francis(_at_)ecal(_dot_)com>
"J. Noel Chiappa" wrote:
So, you're the CIO for Foondoggle Corp, and you're trying to figure
out
whether to spend any of your Q3 funds on IPv6 conversion. Let's see,
benefits
are not very many (autoconfig may be the best one), and the cost is
substantial.
Sure. Then you buy out Moondoggle Corp, which used some of the same
private IP
numbers you did, and you're faced with having to renumber everything.
While
you're at it, you decide to convert both networks to v6 so it'll be
easier next
time.
(Yes, I know you could put a NAT between the two former companies; but
it'll
*hurt*.)
Once in company where I worked somebody brought a virus and it crashed
a lot of Windows host. I don't remember details about it's fast
propogation
but I remember how terrific IS staff wanted to put firewalls/NATs between
each floor ! They considered it as the only warranty and _asked_ money
for that.
- Leonid Yegoshin, LY22