[ale] V6 question

Greg Freemyer greg.freemyer at gmail.com
Wed Feb 9 13:43:54 EST 2011


Richard,

I gather Michael is saying the consumer box most users have is a combo
firewall / NAT device.

And all the security comes from the firewall function, not the NAT function.

Somewhere he said NATs do exist with zero firewall functionality and
thus the outside world can get to anything on the inside.  I admit to
never having seen one.

I assume a NAT like that has to have a public routable IP for every
device on the other side of the NAT.

Greg

On Wed, Feb 9, 2011 at 8:28 AM, Richard Bronosky <Richard at bronosky.com> wrote:
> You may be correct, but if not for NAT Windows users would have no security
> at all.
>
> On Feb 5, 2011 12:47 PM, "Michael B. Trausch" <mike at trausch.us> wrote:
>
> On Sat, 2011-02-05 at 12:39 -0500, Mike Harrison wrote:
>> It also keeps the outside world from conne...
>
> Everyone gather round.  Say it with me:
>
>                     NAT is not a security mechanism.
>
> Seriously.  I mean it.
>
>         Let me repeat that: NAT is not a security mechanism.
>
> It was intended to enable privately addressed networks to have limited
> communication with hosts on the Internet.  It has the side effect of
> using tables to figure out how to rewrite packets, but this does not
> provide any security.  It does not.
>
>           One more time: NAT IS NOT A SECURITY MECHANISM.
>
> Or to put it another way:  NAT is as effective at providing security for
> your network as groping at airports is for providing security there.
> It's all a show; it's faux security that makes people feel better but
> does not serve any real purpose.
>
> I've gone on about NAT recently in other threads here.  You can find
> those, or you can read the post I wrote in my blog about NAT if you
> want:
>
> http://mike.trausch.us/blog/2011/01/31/more-about-networking-part-2-nat/
>
>        --- Mike
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
   http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
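
The distinction discussed in this thread, as an added example that is not part of the original message: a toy model of the box Greg describes (a 1:1 NAT with one public address per inside host), in which the translation table alone delivers an unsolicited inbound packet and only the separate stateful filter drops it. The `Gateway` and `Packet` classes and all addresses are constructed for illustration, and port-overloaded (many-to-one) NAT is not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Gateway:
    one_to_one: dict                          # public IP -> private IP (static 1:1 NAT)
    stateful_filter: bool = False             # the firewall function, if the box has one
    flows: set = field(default_factory=set)   # connection-tracking table

    def outbound(self, p):
        """Inside host sends a packet: rewrite the source, remember the flow."""
        public = {priv: pub for pub, priv in self.one_to_one.items()}[p.src]
        self.flows.add((public, p.sport, p.dst, p.dport))
        return Packet(public, p.sport, p.dst, p.dport)

    def inbound(self, p):
        """Outside host sends a packet: return it rewritten, or None if dropped."""
        private = self.one_to_one.get(p.dst)
        if private is None:
            return None                       # no translation entry for this address
        # Filtering decision: separate from, and independent of, the rewrite.
        is_reply = (p.dst, p.dport, p.src, p.sport) in self.flows
        if self.stateful_filter and not is_reply:
            return None
        return Packet(p.src, p.sport, private, p.dport)

def demo():
    """Run the same traffic through a NAT-only box and a NAT + firewall box."""
    mapping = {"203.0.113.10": "192.168.1.10"}                  # documentation ranges
    request = Packet("192.168.1.10", 50000, "198.51.100.7", 443)
    reply = Packet("198.51.100.7", 443, "203.0.113.10", 50000)
    probe = Packet("198.51.100.7", 40000, "203.0.113.10", 8080)  # unsolicited
    results = {}
    for name, filtered in (("nat_only", False), ("nat_plus_firewall", True)):
        gw = Gateway(dict(mapping), stateful_filter=filtered)
        gw.outbound(request)
        results[name] = (gw.inbound(probe), gw.inbound(reply))
    return results

if __name__ == "__main__":
    for name, (probe_result, reply_result) in demo().items():
        print(name, "| unsolicited:", probe_result, "| reply:", reply_result)
```
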


