North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Another driver for v6?
Brandon Butterworth wrote:
as I am very tired of all the problems caused by multiple layers of NATs and PAT.
A false sense of security? The belief that hiding behind a single IP might disguise how many hosts you have, which in turn might provide some form of hidden security?
Inside the network, host to host security is what should be. This can assist in some protection against bots that do make it to the network, or internal maliciousness. Security from within has always been overlooked by many, and yet it is the employees who provide the largest security risk.
Stateful firewalls will not be going away entirely, but they can track state and perform proxy services without performing address translation. It just scares people because of their false belief that translating an address shows that security is working. If stateful monitoring/proxying/limiting is not in working, the address translation doesn't really matter.
NAT has had it's uses, but it's lazy and a false sense of overall security. I do think Microsoft is crazy if they think the need for VPN will disappear, unless they have another method for the stateful firewalls to snoop, monitor, and alter the IPSEC host to host packets (which isn't entirely impossible).