Re: NAT->IPv6

In message <001501bfaf43$127e4d00$3490130a(_at_)cisco(_dot_)com>, "Eliot Lear" 
writes:

It is a complete fallacy that NAT provides any sort of security.  It does
no such thing.  Security is provide by a firewall, and (more importantly)
by strong security policies that are policed and enforced.


Eliot is absolutely right.  A NAT box *might* be part of a firewall, but by 
itself it isn't one.  It's no more secure, and often less so, than an 
application-level firewall.

The myth that NATs per se provide strong security is one of the greatest 
barriers to their elimination.

                --Steve Bellovin

<Prev in Thread]	Current Thread	[Next in Thread>
Re: NAT->IPv6, J. Noel Chiappa Re: NAT->IPv6, John Stracke Re: NAT->IPv6, Leonid Yegoshin Re: NAT->IPv6, Leonid Yegoshin Re: NAT->IPv6, Eliot Lear Re: NAT->IPv6, Steven M. Bellovin <= Re: NAT->IPv6, Leonid Yegoshin Re: NAT->IPv6, Greg Hudson Re: NAT->IPv6, Vernon Schryver Re: NAT->IPv6, Eliot Lear Re: NAT->IPv6, Vernon Schryver Re: NAT->IPv6, Leonid Yegoshin

Previous by Date:	Re: SCSI over IP (fwd), Dave_Lee
Next by Date:	Re: draft-ietf-nat-protocol-complications-02.txt, Sean Doran
Previous by Thread:	Re: NAT->IPv6, Eliot Lear
Next by Thread:	Re: NAT->IPv6, Leonid Yegoshin
Indexes:	[Date] [Thread] [Top] [All Lists]