Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
I posit that a screen door does not provide any security. A lock and deadbolt provide some security. NAT/PAT is a screen door. Not having public addresses is a screen door. A stateful inspection firewall is a lock and deadbolt.
It's tedious getting in and out with a lock and a deadbolt so we don't bother. The screen door stops some bugs flying in.

I don't see why people make a big deal of this, to the extent of trying to stop people doing NAT if they want to in v6. People can break their connection if they want; for some, a box that does what a preconfigured NAT box does is more security than they would have if left to configure something else (child wants some p2p, child opens ports and a few others over time, firewall is pointless).

Assuming NAT cannot exist is what annoys me, as it also breaks a lot of proxy firewalls too by trying to force an end-to-end model that doesn't suit all.

Back to "rabbit season" "duck season" discussion...

brandon
Participants (1): Brandon Butterworth