On 02/15/12 23:34, Owen DeLong wrote:
I think one of the most damaging fundamental misconceptions, which is not only rampant among students but also among enterprise IT professionals, is the idea that NAT is a security tool, and the inability to conceive of the separation between NAT (header mutilation) and Stateful Inspection (policy enforcement).
Another misconception is that RFC 1918 somehow implies/specifies/requires NAT. The idea of using private addresses without NATing them seems to totally bewilder some people. And they often can't wrap their heads around the possibility of routing RFC 1918 space internally and also not using NAT. (This causes them to be even more confused by the fact that RFC 4193 specifies ULA for IPv6, but there is no stateful NAT currently specified.)

Concepts/words that often get confused:

- The difference between "allocation" and "assignment" in IP addressing.
- Use of the word "IP" alone to mean "IP address," e.g.:
  Person: "Does that server have an IP assigned?"
  Me: "Yeah, it's got a whole stack."

Then, of course, there's the silly situation where people mean to say "rogue" but they type "rouge," as in "rouge DHCP server," "rouge RA advertiser," etc.

michael
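The separation Owen describes (stateful inspection as policy enforcement, NAT as header rewriting) can be shown concretely in a firewall ruleset. The nftables configuration below is an added example, not something posted in this thread: the filter table enforces a stateful policy on routed RFC 1918 and ULA space without rewriting any addresses, and the NAT table is a fully separate hook that can be deleted without changing what the filter permits. The interface names (lan0, wan0), the 10.10.0.0/16 prefix and the fd12:3456:789a::/48 ULA prefix are assumptions for illustration.

```nftables
# Added example, not from the original post. Interface names and prefixes
# (lan0, wan0, 10.10.0.0/16, fd12:3456:789a::/48) are assumed for illustration.

# Policy enforcement: a stateful filter on routed private space. No address
# is rewritten anywhere in this table, so inside hosts keep their RFC 1918
# or ULA addresses end to end.
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections the inside opened are allowed back in;
        # anything the conntrack table cannot match is dropped.
        ct state established,related accept
        ct state invalid drop

        # New connections may only be opened from the inside networks.
        iifname "lan0" ip saddr 10.10.0.0/16 accept
        iifname "lan0" ip6 saddr fd12:3456:789a::/48 accept

        # Optionally expose an inside service without any NAT: the outside
        # simply routes to the inside address (assumed host 10.10.1.25).
        iifname "wan0" ip daddr 10.10.1.25 tcp dport 443 ct state new accept

        # Everything else from the outside falls through to the drop policy.
    }
}

# Header mutilation, if you want it, lives in its own table and hook.
# Remove this whole table and the filter policy above still applies,
# which is the point: NAT adds nothing to the policy enforcement.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "wan0" ip saddr 10.10.0.0/16 masquerade
    }
}
```

Load with `nft -f` on a host that forwards between lan0 and wan0 and the inside prefixes work exactly the same whether the nat table is present or not; the only difference is the source address the outside sees. There is no IPv6 NAT table here at all, matching the note above that ULA is specified without a stateful NAT.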