Comments on Errata Security: NAT is a firewall

Feed author: David Maynor. Updated 2024-01-16. 8 comments.

Lauren Gottlieb, 2017-01-17 10:35:39 -05:00

I love reading this article, so beautiful!! Great job! Netflix VPN (https://www.tipsforchina.com/best-vpn-for-netflix.html)

Eddy, 2017-01-12 14:23:22 -05:00

NAT does not allow inbound packets that do not match up with an outbound packet. It certainly does not allow "unrestricted access from the internet." It is not the public IP that is NATed, it is the private IPs that are NATed.

Anonymous, 2017-01-11 13:24:54 -05:00

Per Wikipedia, "a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules". NAT itself is nothing more than an address translation mechanism. True, a typical home router using NAT will have some inherent security benefits for the devices behind the NAT, but it does not apply any security or access control policy to the public IP itself. The IP that is NAT'd (typically a public IP) allows unrestricted access from the internet by default. It is just assigned to the router directly which is (hopefully) not running any publicly facing service that is exploitable.

NAT used as a security mechanism is a crutch. With the proliferation of IPv6, we are moving towards a world where NAT will no longer be a requirement. In this case, actual security policies become more important. Remember, we are only using NAT, in the standard home user context, due to the scarcity of IPv4 addresses. It's better those outside InfoSec learn to distinguish between NAT and other IP manipulation and actual security policies.

Anonymous, 2017-01-11 02:00:48 -05:00

I suggest you follow SANS SEC511 and then rephrase your article, maybe I can then agree. Else it just is nonsense. The best firewall implementation is a layered defence strategy, where NAT/NAPT also finds its part. But alone you almost have no security and you will be hacked.

Yury Schkatula, 2017-01-10 16:12:14 -05:00

According to IPv6 mentioned by @Unknown, I'd like to remind that nothing forbids NAT. You can play in flat network model, you can hide some segments behind NAT or any other IP translation mechanics. Choice is yours.

Willie, 2017-01-10 11:25:31 -05:00

I wrote a small piece explaining why NAT is NOT a Firewall.
http://duckie96.wordpress.com

Anonymous, 2017-01-10 10:02:01 -05:00

Your definition of firewall is incorrect. Firewall is anything that enforces a security policy of an organization. The only way that your definition would be correct is if there was no security policy.

NAT is not a firewall.

Where did you get your definition of a firewall?

Unknown, 2017-01-10 01:05:21 -05:00

You are right.
Be reminded that IPv6 is a world without a NAT need.
And we have arrived in 2017 and we should design applications that are not security/mobile/offline first, they should be IPv6 first.