[Techtalk] To NAT or not to NAT?

Nils Philippsen nils at wombat.dialup.fht-esslingen.de
Wed Nov 13 23:33:13 EST 2002


On Wed, 2002-11-13 at 17:43, Michelle Murrain wrote:

> Obviously, I'm going to use NAT for machines in my internal network 
> that aren't servers. But in terms of the servers, what are the real 
> advantages of NAT besides "security by obscurity" which I know isn't 
> sufficient, and, right now isn't necessary, since I'm using IOS 
> access lists as well as ipchains/tables on my servers?

I would say that NAT isn't just "security by obscurity", because someone
from the outside not only doesn't know that a specific service is on
this machine and another one on the other, but the outsider isn't able
to address the machine directly. I.e. even if the NAT gateway's
filtering rules somehow magically vanished, the inner machines can only
be directly addressed from the NAT gateway. Not much, but one additional
hurdle a possible intruder has to break down.

Nils
-- 
Nils Philippsen / Berliner Straße 39 / D-71229 Leonberg //
+49.7152.209647
   nils at wombat.dialup.fht-esslingen.de / nils at redhat.de / nils at lisas.de
   PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011
       Ever noticed that common sense isn't really all that common?