[ale] V6 question

Michael B. Trausch mike at trausch.us
Sat Feb 5 12:46:21 EST 2011


On Sat, 2011-02-05 at 12:39 -0500, Mike Harrison wrote:
> It also keeps the outside world from connecting to the inside (behind 
> firewall) world, What functions that way in your above scenerio,
> firewall 
> rules ? 

Everyone gather round.  Say it with me:

                     NAT is not a security mechanism.

Seriously.  I mean it.

         Let me repeat that: NAT is not a security mechanism.

It was intended to enable privately addressed networks to have limited
communication with hosts on the Internet.  It has the side effect of
using tables to figure out how to rewrite packets, but this does not
provide any security.  It does not.

           One more time: NAT IS NOT A SECURITY MECHANISM.

Or to put it another way:  NAT is as effective at providing security for
your network as groping at airports is for providing security there.
It's all a show; it's faux security that makes people feel better but
does not serve any real purpose.

I've gone on about NAT recently in other threads here.  You can find
those, or you can read the post I wrote in my blog about NAT if you
want:

http://mike.trausch.us/blog/2011/01/31/more-about-networking-part-2-nat/

	--- Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110205/bd498069/attachment.bin 


More information about the Ale mailing list