Is NAT designed for security? It hides my network from the rest of the world and creates stateful connections, but it also brings a whole host of other issues, including breaking end-to-end connectivity. Security isn’t exactly a benefit of NAT, even if people see it that way.
Remington Loose does a really great job of digging into all the challenges with NAT and why it’s not exactly security-focused. As he states here:
NAT can provide some security benefits by ensuring the internal IP addresses are obfuscated from the external world. These benefits are eliminated if we don’t use NAT at the edge. While this is true in theory, most services provided to external sources utilize static NATs to ensure the IP address (and better, the dependent DNS entry) are fixed and consistent.
Make sure you read along and check out the extensive list of links at the bottom of the post for more details and documentation.
- Customer FAQ: Is NAT Security? Should I Remove My Public IPv4 From My Internal Network? - October 1, 2019