A few days back I posted about how cable ISPs should have NAT on their cable routers instead of just assigning a public IP directly to the PC that connects to the modem. Apparently many of you have taken that to mean that I believe that NAT is a security feature in itself. Well, I do believe that NAT does help to make you more secure, but IT IS NOT a security measure. I would not trust NAT alone to secure my PC. Neither would I trust a firewall alone to secure my network.
I believe that NAT has its place in securing a network, whether it is at home or at work. Would you rather have all of your endpoints assigned a public address or have them be "hidden" behind a NAT device and therefore not directly accessible from the internet? I've never heard of a private address being attacked from the internet unless either there is a vulnerability at the edge that is exploited or the user does something that gives the attacker access to the machine. If it is just "sitting there" it is pretty safe. A PC that has a public IP address that is just "sitting there" is open to attack.
Someone brought up the point that lots of NAT devices are running older, unpatched versions of Linux and that they are more vulnerable than a fully patched PC. That may be so, but most exploits are aimed at PCs and not home-based NAT devices. I still feel more comfortable with the extra layer that NAT gives me. No, I don't think it is a security measure in itself, but I do think that it is useful to "help" keep you more secure.
Security's Everyman
Sunday, February 25, 2007
Is NAT Security?
Posted by Andy, ITGuy at 7:46 AM
Labels: Andy ITGuy, information security, NAT