Home page logo
/

basics logo Security Basics mailing list archives

Re: NAT external/Public IP
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 25 Oct 2007 19:23:13 +0200

On 2007-10-25 Jason Alexander wrote:
On 25 October 2007 15:49 Ansgar -59cobalt- Wiechers wrote:
On 2007-10-25 crazy frog crazy frog wrote:
On 24 Oct 2007 15:46:21 -0000, smarts_buy () yahoo com wrote:
Would like know is ther any security concern to bring in 
external/public IP with out NAT to inside of the enterprise network.
Is it any way more secure if we use NAT?
[...]
2)If you allow lots of machine to direct access the internet with 
external ip they may pose a security risk.

How would that pose a risk that would not exist with NAT'ed machines?

If its not a security risk then why is it a PCI requirement?

Aside from the fact that this is no answer to my question: apparently
because the people specifying this failed to understand that obfuscation
of IP addresses doesn't add to a system's security. Either the system is
secure, then it doesn't matter whether someone knows its address, or it
isn't, in which case you're just relying on luck, hoping that the Bad
Guys(tm) won't find you. Which you shouldn't.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]