Is NAT designed for security? It hides my network from the rest of the world and creates stateful connections. Along with a whole host of other issues, including breaking end-to-end connectivity. Security isn’t exactly a benefit of NAT even if people see it like that.
Remington Loose does a really great job of digging into all the challenges with NAT and why it’s not exactly security-focused. As he states here:
NAT can provide some security benefits by ensuring the internal IP addresses are obfuscated from the external world. These benefits are eliminated if we don’t use NAT at the edge. While this is true in theory, most services provided to external sources utilize static NATs to ensure the IP address (and better, the dependent DNS entry) are fixed and consistent.
Make sure you read along and check out the extensive list of links at the bottom of the post for more details and documentation.
Read more at: Customer FAQ: Is NAT Security? Should I remove my public IPv4 from my internal network?
