30 Oct
2003
30 Oct
'03
9:38 a.m.
On Thu, 2003-10-30 at 09:22, Scott McGrath wrote:
That was _exactly_ the point I was attempting to make. If you recall there was a case recently where a subcontractor at a power generation facility linked their system to an isolated network which gave unintentional global access to the isolated network. a NAT at the subcontrator's interface would have prevented this.
So would have a stateful firewall set to keep state, default deny inbound. This is how customer grade firewall products should work with NAT disabled, although they probably don't. -Paul -- Paul Timmins <paul@timmins.net>