On Wed, Nov 16, 2011 at 20:38, Ray Soucy <rps@maine.edu> wrote:
> I would go as far as to argue that the false sense of security provided by NAT is more dangerous than any current threat that NAT alone would prevent.

Agreed, and I don't think that's going far at all. My opinion is _both_ stateful firewalls and NATs have been responsible for providing cover for those who fail to secure their endpoints. Yes, dropping a choke point in front of X hosts is X times easier than securing the X hosts. No, it didn't secure X hosts. "Outside is dangerous, inside is trusted" is the root of much current evil. Breaking end-to-end and encouraging everything that needs it to jump through ugly hoops such as UDP NAT traversal or carrying all sorts of non-HTTP over 80 and 443 has made it harder to secure networks, not easier.

Cheers,
Dave Hart