Is NAT designed for security? It hides my network from the rest of the world and creates stateful connections. Along with a whole host of other issues, including breaking end-to-end connectivity. Security isn’t exactly a benefit of NAT even if people see it like that.
Remington Loose does a really great job of digging into all the challenges with NAT and why it’s not exactly security-focused. As he states here:
NAT can provide some security benefits by ensuring the internal IP addresses are obfuscated from the external world. These benefits are eliminated if we don’t use NAT at the edge. While this is true in theory, most services provided to external sources utilize static NATs to ensure the IP address (and better, the dependent DNS entry) are fixed and consistent.
Make sure you read along and check out the extensive list of links at the bottom of the post for more details and documentation.
- Does SPB Mean “Secure Path Bridging”? - February 12, 2020
- Cloud Isn’t Your Key To Compliance - February 10, 2020
- Breaking IoT Security - February 7, 2020
- Answers at Your Fingertips with Forward Networks - February 4, 2020
- Priming Your Application Performance with Intel Application Device Queues - January 29, 2020
- Is Cisco SD Access Intent Based Networking? - January 28, 2020
- Captivating Wireless Connectivity with Cisco OpenRoaming - January 22, 2020
- Does the Apple Airport Extreme Use VLANs? - January 21, 2020
- Predicting Data Patterns with Cradlepoint - January 16, 2020
- How Do RFC3161 Timestamps Work? - January 15, 2020