Re: NAT external/Public IP

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2007-10-25 Jason Alexander wrote:
> On 25 October 2007 15:49 Ansgar -59cobalt- Wiechers wrote:
> > On 2007-10-25 crazy frog crazy frog wrote:
> > > On 24 Oct 2007 15:46:21 -0000, smarts_buy () yahoo com wrote:
> > > > Would like know is ther any security concern to bring in 
> > > > external/public IP with out NAT to inside of the enterprise network.
> > > > Is it any way more secure if we use NAT?
> > [...]
> > > 2)If you allow lots of machine to direct access the internet with 
> > > external ip they may pose a security risk.
> >
> > How would that pose a risk that would not exist with NAT'ed machines?
>
> If its not a security risk then why is it a PCI requirement?

Aside from the fact that this is no answer to my question: apparently
because the people specifying this failed to understand that obfuscation
of IP addresses doesn't add to a system's security. Either the system is
secure, then it doesn't matter whether someone knows its address, or it
isn't, in which case you're just relying on luck, hoping that the Bad
Guys(tm) won't find you. Which you shouldn't.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq