On Jan 12, 2011, at 11:21 AM, Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, Jan 12, 2011 at 11:09 AM, Owen DeLong <owen@delong.com> wrote:
No, NAT doesn't provide additional security. The stateful inspection that NAT cannot operate without provides the security. Take away the address mangling and the stateful inspection still provides the same level of security.
There is a least one situation where NAT *does* provide a small amount of necessary security.
Try this at home, with/without NAT:
1. Buy a new PC with Windows installed 2. Install all security patches needed since the OS was installed
Without NAT, you're unpatched PC will get infected in less than 1 minute.
Wrong. Repeat the experiment with stateful firewall with default inbound deny and no NAT. Yep... Same results as NAT. NAT != security. Stateful inspection = some security. Next!! Owen