9 Nov 2004, 4:15 p.m.
On Wed, 10 Nov 2004 03:14:51 EST, Jerry Eyers said:
"Get a firewall" is not a valid response when you have lusers to drop the latest netgear whatever onto their PC and dial to some provider somewhere. Your firewall is useless to protect that segment. In many cases NAT is the ONLY protection you end up with in this scenario, a scenario that is far too common in the corporate world.
And NAT does what, exactly, to defend you against a PC that has one interface on the NAT'ed network and one interface "elsewhere/elsewhen" (be it a netgear, or somebody at the far end of a VPN, or a laptop that was connected externally, and now is on the corporate LAN)? There's a *reason* why Bill Cheswick said "A crunchy shell around a soft, chewy inside"......