On 14 Nov 2011, at 18:52, "McCall, Gabriel" <gabriel.mcc...@thyssenkrupp.com> 
wrote:

> Chuck, you're right that this should not happen- but the reason it should not 
> happen is because you have a properly functioning stateful firewall, not 
> because you're using NAT. If your firewall is working properly, then having 
> public addresses behind it is no less secure than private. And if your 
> firewall is not working properly, then having private addresses behind it is 
> no more secure than public. In either case, NAT gains you nothing over what 
> you'd have with a firewalled public-address subnet.


Well this is not quite true, is it.. If your firewall is not working and you 
have private space internally then you are a lot better off then if you have 
public space internally! So if your firewall is not working then having private 
space on one side is a hell of a lot more secure!

As somebody else mentioned on this thread, a NAT box with private space on one 
side fails closed.

--
Leigh


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

Reply via email to