Oscar Rau wrote:
> Is Network Address Translation (NAT) a security solution?
No. NAT merely translates addresses and ports. In this respect, it is even said to be an insecurity tool, since it allows addressing internal hosts that are otherwise unaddressable. This is evident when NAT is used to permanently map external - internal IPs and ports (static NAT).

In practice, where NAT is used to translate an internal IP/port into an external one (dynamic NAT), there is no way for NAT to translate arbitrary connection requests into internal addresses; hence such requests cannot penetrate inside, and NAT is said to be safe. However, note that internal hosts that have a dynamically mapped IP/port are addressable from outside while the map is effective.

NAT packages come with their respective tandem filter packages. Use them to tighten the NAT -weakness-.

horio shoichi
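
The behaviour described in the reply above, as an added example that is not part of the original post: a toy dynamic-NAT table showing what is forwarded inward before a map exists, while it is effective, and after it expires, with and without a companion filter. The class and function names, addresses, ports and 60-second timeout are constructed, and the filter is assumed to be a check that the sender is the peer the internal host contacted.

```python
# Toy model of dynamic NAT (address/port translation), for illustration only.
# All addresses, ports and the timeout are constructed sample values.
from dataclasses import dataclass

@dataclass
class Mapping:
    internal: tuple   # (ip, port) of the internal host
    remote: tuple     # (ip, port) the internal host contacted
    expires: float    # time at which the map stops being effective

class DynamicNat:
    def __init__(self, public_ip, timeout=60.0, filter_remote=False):
        self.public_ip = public_ip
        self.timeout = timeout
        self.filter_remote = filter_remote  # True = companion filter enabled (assumed behaviour)
        self.table = {}                     # external port -> Mapping
        self.next_port = 40000

    def outbound(self, internal, remote, now):
        """Internal host opens a flow; each call allocates a fresh external port."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = Mapping(internal, remote, now + self.timeout)
        return (self.public_ip, port)

    def inbound(self, source, ext_port, now):
        """Return the internal (ip, port) the packet is forwarded to, or None if dropped."""
        m = self.table.get(ext_port)
        if m is None or m.expires <= now:
            self.table.pop(ext_port, None)  # no effective map: nothing to translate to
            return None
        if self.filter_remote and source != m.remote:
            return None                     # filter: only the contacted peer may reply
        return m.internal                   # NAT alone forwards any sender

HOST, PEER, OTHER = ("10.0.0.5", 51000), ("198.51.100.7", 443), ("203.0.113.9", 50000)

def demo(filter_remote):
    nat = DynamicNat("192.0.2.1", filter_remote=filter_remote)
    before = nat.inbound(OTHER, 40000, now=0)   # arbitrary request, no map yet
    _, port = nat.outbound(HOST, PEER, now=0)   # internal host creates the map
    return {
        "before_map": before,
        "peer_reply": nat.inbound(PEER, port, now=10),
        "third_party": nat.inbound(OTHER, port, now=10),
        "after_expiry": nat.inbound(PEER, port, now=100),
    }

if __name__ == "__main__":
    for flag in (False, True):
        print("NAT + filter" if flag else "NAT only", demo(flag))
```

With NAT only, the third-party packet reaches the internal host while the map is effective; with the filter enabled it is dropped, and the contacted peer's reply still gets through.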