11 Jul
2006
11 Jul
'06
4:34 p.m.
* Fergie:
I disagree with your statement on NAT end-points not being "publicly accessible" -- that's certainly not true, and a myth that needs to be finally killed.
From a security point of view, they are still accessible. From an operational point of view, they are not, at least not on the original IP layer, and if you aren't using 1:1 NAT.
Nevertheless, I think that the "publicly accessible" criterion is flawed because it is too murky. But something similar is necessary to implement the corporate networks exception.