Linux.com

Re: NAT and Home Networks

Posted by: Anonymous Coward on January 28, 2004 04:58 PM
There are additional factors that work in a NAT's favor security-wise. Since all systems behind a NAT appear to come from a different IP address from the originating computer, an outside attacker doesn't know the precise architecture of the network behind the NAT. If you only have a firewall in place, data gathering is significantly simplified for prospective attackers. Security through obscurity isn't the only answer, but in this case it certainly doesn't hurt.

Further, a NAT doesn't require the cost or red tape typically associated with putting a system on a network. A globally accessible IP doesn't need to be purchased from an ISP or allocated from a company's pool of addresses. The network is also more portable, as one could disconnect the entire thing and plug it in elsewhere with few changes. This is particularly useful in embedded devices, where one might have an internal network that can't be limited by the requirements of other networks that it may attach to.

That's not to say that NAT is the one true answer. There are certainly many headaches caused by packet mangling that can't be easily solved on the protocol level. I've had to work around NAT's faults often enough that I understand where you're coming from. The internet being what it is though, NAT does have a place. As much as we might all like it to, it's not going to go away.


Return to IETF roiled over NAT