12 Jan
2011
12 Jan
'11
3:01 p.m.
On 01/12/2011 02:59 PM, Nick Hilliard wrote:
On 21/03/2007 09:41, Tarig Ahmed wrote:
Is it true that NAT can provide more security?
No.
[snip]
Your security guy will probably say that a private IP address will give better protection because it's not reachable on the internet. But the reality is if you have 1:1 NAT to a server port, then you have reachability and his argument becomes substantially invalid.
This setup will provide *less* security. Apart from the DoS scenario, should your public facing server get compromised, you have given easy access to your private infrastructure. -Lorand Jakab