Hi,
IMHO, NAT is an important component of any security plan. It may be a small
or large part of the overall plan but it varies with the site's policy.
The 3 possible implemenetation of NAT that you mentioned will all work for
you, but I feel that from a cost benefit point of view, the use of a
firewall would make more sense. The firewall does more then NAT and I
believe you would need a firewall as part of your security infrastructure.
Having a dedicated box running a NAT application is kind of wastefull but
then again you may have your reasons for doing so.
Using the router to do NAT seems to make alot of sense for some people but
I feel that you should let the router do what is primarily its main
function : i.e providing routing . Well , many people may disagree with me
on this but NO FLAMES PLEASE.
Cheers!
martin
chrisp @
tidalwave .
net on 02/03/97 03:07:21 AM
Please respond to chrisp @
sitescape .
com
To: firewalls-digest @
GreatCircle .
COM
cc: (bcc: Martin Khoo/SIN/Lotus)
Subject: Optimal Throughput for NAT
NAT is a small part of my overall security plan. I'm looking for the
best way to implement NAT, primarily from a cost and performance
standpoint. Currently, I know of three ways to do NAT:
1) Install and configure a firewall
2) Dedicate a host, using software such as IPRoute
(http://www.mischler.com/iproute/)
3) Configure a router (e.g. Cisco with IOS 11.2 and "IP Options")
I'm looking for feedback on the following:
1) What is my best dollar/cost solution?
2) Are there other ways to implement NAT that I'm not aware of?
Thanks in advance for any feedback.
Chris
|
|
