RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-05 Thread michael.dillon
I posit that a screen door does not provide any security. "Any" is too strong a word. For people living in an area with malaria-carrying mosquitoes, that screen door may be more important for security than a solid steel door with a deadbolt. It all depends on what the risks are, what you are

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-05 Thread Perry Lorier
The only ways into these machines would be if the NAT/PAT device were misconfigured, another machine on the secure network were compromised, or another gateway into the secure network was set up. Guess what? All of these things would defeat a stateful inspection firewall as well. I

RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-05 Thread David Schwartz
Again, whether the lock/deadbolt come as a package deal with the screen door or not, it is the lock/deadbolt that provide the security, not the screen door. Wow, I don't know what to say. I've never heard of a screen door that came with, and could not work without, a lock and deadbolt. It's

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Robert Bonomi
From [EMAIL PROTECTED] Mon Jun 4 13:54:55 2007 Subject: Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Date: Mon, 4 Jun 2007 14:47:06 -0400 On 4-Jun-2007, at 14:32, Jim Shankland wrote: Shall I do the experiment again where I set up a Linux box at an RFC1918 address, behind

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Colm MacCarthaigh
On Mon, Jun 04, 2007 at 11:47:15AM -0700, Owen DeLong wrote: *No* security gain? No protection against port scans from Bucharest? No protection for a machine that is used in practice only on the local, office LAN? Or to access a single, corporate Web site? Correct. There's nothing you

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Valdis Kletnieks
On Mon, 04 Jun 2007 12:20:38 PDT, Jim Shankland said: I can't pass over Valdis's statement that a good properly configured stateful firewall should be doing [this] already without noting that on today's Internet, the gap between "should" and "is" is often large. Let's not forget all the NAT

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Larry Smith
On Monday 04 June 2007 13:54, [EMAIL PROTECTED] wrote: On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said: *No* security gain? No protection against port scans from Bucharest? No protection for a machine that is used in practice only on the local, office LAN? Or to access a single,

RE: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread David Schwartz
On Jun 4, 2007, at 11:32 AM, Jim Shankland wrote: Owen DeLong [EMAIL PROTECTED] writes: There's no security gain from not having real IPs on machines. Any belief that there is results from a lack of understanding. This is one of those assertions that gets repeated so often people

Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Jim Shankland
[EMAIL PROTECTED] writes: Let's not forget all the NAT boxes out there that are *perfectly* willing to let a system make an *outbound* connection. So the user makes a first outbound connection to visit a web page, gets exploited, and the exploit then phones home to download more malware.

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Edward B. DREGER
JS Date: Mon, 04 Jun 2007 12:20:38 -0700 JS From: Jim Shankland JS If what you meant to say is that NAT provides no security benefits JS that can't also be provided by other means, then I completely What Owen said is that [t]here's no security gain from not having real IPs on machines. That is

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

2007-06-04 Thread Owen DeLong
On Jun 4, 2007, at 1:41 PM, David Schwartz wrote: On Jun 4, 2007, at 11:32 AM, Jim Shankland wrote: Owen DeLong [EMAIL PROTECTED] writes: There's no security gain from not having real IPs on machines. Any belief that there is results from a lack of understanding. This is one of those