[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does IPv6 preclude use of a NAT gateway?

On Fri, 15 Jul 2011 20:53:06 -0400, Johan Kullstam wrote:

> Camaleón <noelamac@gmail.com> writes:

(...)

>> Yes, most of us -wrongly- believe that our NATed router is like a wall
>> between our computers and the dangerous external web (because indeed it
>> is hidding somehow) but this is not a security measure per se but
>> security by obfuscation: that we can't see it does not mean we can't
>> reach it. There can be still holes in router's firmware or bad
>> configured DSL devices that may expose the user regardless NATed or not
>> ;-)
> 
> OK, you put a new XP box directly on the internet and I'll put one
> behind a NAT router box.  Do you wish to take bets on who can update
> before getting owned?

Yes, I bet it will win the one running with a non-admin account and 
having a software firewall turned on >;-)

> NAT is a firewall.  Maybe not a great one.  But it does function as
> such.

I'd say that NAT+router+firewall combo is secure, but NAT per se is not. 
That is, NAT benefits from firewall and routing capabilities available in 
most of the devices we found in the market but nothing more. 

In fact, from an admin POV, having to rule with NAT setups adds extra 
difficulty to put in place good security measures.

Greetings,

-- 
Camaleón
Reply to: