Hello Frank,
I think you are wrong here. By using NAT and unofficial or private
addresses for your internal network you determine which internal hosts
are accessible at all from the outside. So NAT can be in any case an
efficient security measure. Of course it's normally not sufficient as the
single one.

In this special case I see three items to be checked:
1. Of course there must be additional protection against malicious
software (viruses, worms, etc.).
2. The administrative access to the Cisco router is extremely critical,
because there is no additional firewall protecting the internal net. So
this access should be protected REALLY STRONGLY.
3. How secure is the internal mail server? Could it be attacked through
the single open port?

If these items are cleared positively I think it's a secure solution. If
you disagree please let us know how this network could be attacked from
the outside.

Kind regards
Bernd Petri

Frank Knobbe at Home wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Aaron,
>
> NAT by itself is not a security measure at all. It is just a
> mechanism for translating IP addresses, but doesn't do anything for
> security.
>
> The security aspect, which comes into play with firewalls, has to do
> with intelligent handling of packets, accepting and denying packets
> based on certain criteria, such as session state, direction, source
> and destination address and port, authorization and authentication.
>
> Regards,
> Frank
>
> > -----Original Message-----
> > From: Aaron Wetherhold [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, November 22, 1999 11:31 AM
> >
> > I've read this list for a while now, and something I'm still
> > unsure about is
> > how secure is Network Address Translation as a security measure?
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.5.1
> Comment: PGP or S/MIME (X.509) encrypted email preferred.
>
> iQA/AwUBODnirERKym0LjhFcEQJ4xQCg5Hzwf+kY99UbeN6lCT2cMgrmh7QAnjjN
> Dg5zw0xCC0OHgTmp+KYtgOt9
> =2eZZ
> -----END PGP SIGNATURE-----
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
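
Added example, not part of either message: a minimal Python model of a translating router with one static forward to the mail server, showing which packets from the outside are delivered to an inside host. The addresses, port 25 for the "single open port", and the port-restricted matching of dynamic entries are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample values (documentation / private ranges); port 25 is assumed.
MAIL_SERVER = ("192.168.1.10", 25)
WORKSTATION = ("192.168.1.20", 51000)

@dataclass
class NatRouter:
    static: dict = field(default_factory=dict)   # public port -> inside endpoint
    dynamic: dict = field(default_factory=dict)  # public port -> (inside, remote peer)
    next_port: int = 40000

    def outbound(self, inside, remote):
        """Inside host opens a session: allocate a public port, remember the peer."""
        port = self.next_port
        self.next_port += 1
        self.dynamic[port] = (inside, remote)
        return port

    def inbound(self, remote, public_port):
        """Return the inside endpoint a packet from outside reaches, or None."""
        if public_port in self.static:
            # A static forward has no source criteria: any remote gets through.
            return self.static[public_port]
        entry = self.dynamic.get(public_port)
        if entry and entry[1] == remote:   # assumed port-restricted behaviour
            return entry[0]
        return None                        # no mapping: nothing to translate to

def demo():
    router = NatRouter(static={25: MAIL_SERVER})
    outsider = ("198.51.100.7", 40123)
    web_server = ("198.51.100.80", 80)
    mapped = router.outbound(WORKSTATION, web_server)
    return {
        "unsolicited_to_workstation": router.inbound(outsider, 51000),
        "reply_from_peer": router.inbound(web_server, mapped),
        "other_host_to_mapped_port": router.inbound(outsider, mapped),
        "anyone_to_mail_port": router.inbound(outsider, 25),
    }

if __name__ == "__main__":
    for case, delivered_to in demo().items():
        print(f"{case:28} -> {delivered_to}")
```

Hosts without a mapping are unreachable from outside, while the forwarded port admits every source, so what protects the mail server is the server itself or a filter in front of it.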
