On 1/12/2011 11:57 AM, Steven Kurylo wrote:
Some benefit? Yes. Enough benefit to be worth the trouble? I personally am not convinced.
Some people believe it is. Who am I to tell them how to run their network? They block facebook and yahoo. I, unfortunately, can't. :)
Considering the amount of people who mistake the amount of security NAT provides, we're probably better off without it to remove that false sense of security.
People will then have a false sense of security with stateful firewalls that perform no better than NAT, just without the address translation. The type of stateful firewall with or without address translation will not suddenly make people become wiser and implement better security policies. Vendors will always make a cheap setup which people will use and consider themselves secure.
Jack
