Victor, To answer your question directly, no, NAT does not provide adequate security ... for anything.
The best NAT can do is provide obfuscation, or “security by obscurity” which has been proven beyond the shadow of any doubt to be no security whatsoever. It just hides information that can be gotten through other means. NAT is strictly for IPv4 and is thus unable to protect IPv6 hosts in any way, unable to defend against man in the middle attacks, injections into existing connections, port scanning attacks, internal willing host attacks….I dunno I could probably go on but maybe you get the idea. It seems that all attacks assume there is a NAT component somewhere in the chain and are well prepared to defeat it as a matter of course. And they can in very short order. All NAT really accomplishes is it gives us the means to have way more IPv4 machines than we have address space for. It’s not security of any sort. I don’t think it ever was. If you are relying solely upon NAT to protect your home network, that you have not already been hacked is just a matter of luck. I run a commercial quality firewall on my network (thanks to almost 40 years of working in IT) and I get scanned, probed and prodded all the time. Nearly all of them would have defeated a NAT without firewall in a matter of seconds. Now, if you have a firewall along with your NAT device, and my experience is that many modern ISP devices do both firewall and NAT together, then as long as you have not opened up ports or disabled firewall rules, then you are probably OK. But the key point here is that you have a firewall. Security is really outside of NAT’s wheelhouse. 73, Dave - N5DCH > On Feb 9, 2022, at 1:29 AM, Victor Rosenthal 4X6GP <k2vco....@gmail.com> > wrote: > > Most home routers have NAT (network address translation). Does this provide > adequate security for this application? > If not, why not? Serious question, not a challenge! > > 73, > Victor, 4X6GP > Rehovot, Israel > CWops #5 > Formerly K2VCO > https://www.qsl.net/k2vco/ > . > On 09/02/2022 10:00, Henk Remijn PA5KT via Elecraft wrote: >> The K4 is accessible through telnet on port 9200. >> No security. >> It is always a good idea to have security but I would prefer to have >> the telnet without security and put the security in the network. >> Make sure you have a good firewall between the internet and your >> radio equipment. Dont trust your internet provider. Always put a >> firewall between your internetprovider firewall/router en your home >> network. >> 73 Henk PA5KT > ______________________________________________________________ > Elecraft mailing list > Home: http://mailman.qth.net/mailman/listinfo/elecraft > Help: http://mailman.qth.net/mmfaq.htm > Post: mailto:Elecraft@mailman.qth.net > > This list hosted by: http://www.qsl.net > Please help support this email list: http://www.qsl.net/donate.html > Message delivered to david.n5...@gmail.com ______________________________________________________________ Elecraft mailing list Home: http://mailman.qth.net/mailman/listinfo/elecraft Help: http://mailman.qth.net/mmfaq.htm Post: mailto:Elecraft@mailman.qth.net This list hosted by: http://www.qsl.net Please help support this email list: http://www.qsl.net/donate.html Message delivered to arch...@mail-archive.com
