Great Circle Associates Firewalls
(November 1996)
 


Subject: RE: Cisco's PIX firewall
From: Russ <Russ . Cooper @ RC . on . ca>
Date: Wed, 27 Nov 1996 06:23:38 -0500
To: Firewalls <firewalls @ GreatCircle . COM>, "'Ryan Russell/SYBASE'" <Ryan . Russell @ sybase . com>

Ryan said...
>NAT gives security for two kinds of hosts:

1. Public hosts...<snip>..."NAT is not really needed in this case, nor
does it add much security by itself."...<snip>

2. Internal hosts...<snip>...stuff about no one-to-one mapping...but
there is a one-to-one mapping to anything that is inside a NAT and is
going to accept inbound connections...like an internal SMTP server for
example. Then there's the fact that once an internal host makes a
connection through a NAT, it can then be tampered with as if there was
no NAT.

If someone asked me what security NAT provides, I'd say none at all.
Firewall-1 and PIX offer security, and they offer NAT. NAT is not a
security product; it may obscure things, but it protects nothing by
itself.

Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security Consulting
mailto:Russ . Cooper @ RC . on . ca <-- *note the new address*
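
An added example, not part of the original message or the list archive: a toy Python model of the two cases raised above, a statically mapped internal SMTP server and a dynamic translation created by an outbound connection. The `Nat` class, the `check_peer` flag and all addresses are assumptions constructed for illustration; it does not model PIX or Firewall-1.

```python
"""Toy model: address translation alone vs. translation plus a peer check.
All addresses are constructed (RFC 1918 / RFC 5737 ranges)."""
from dataclasses import dataclass, field

@dataclass
class Nat:
    public_ip: str
    check_peer: bool = False   # assumption: False = pure translation, no filtering
    static: dict = field(default_factory=dict)    # public port -> (inside ip, port)
    dynamic: dict = field(default_factory=dict)   # public port -> (inside ip, port, peer)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection; allocate and record a public port."""
        pub_port = self.next_port
        self.next_port += 1
        self.dynamic[pub_port] = (src_ip, src_port, (dst_ip, dst_port))
        return self.public_ip, pub_port

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) a packet is delivered to, or None if dropped."""
        if dst_port in self.static:            # published service: one-to-one mapping
            return self.static[dst_port]
        entry = self.dynamic.get(dst_port)
        if entry is None:
            return None                        # no translation exists
        in_ip, in_port, peer = entry
        if self.check_peer and peer != (src_ip, src_port):
            return None                        # a filtering decision, not translation
        return in_ip, in_port

def demo():
    """Run the same four inbound packets against both configurations."""
    results = {}
    for label, check in (("translate_only", False), ("with_peer_check", True)):
        nat = Nat("203.0.113.1", check_peer=check, static={25: ("10.0.0.25", 25)})
        _, port = nat.outbound("10.0.0.7", 51000, "198.51.100.10", 80)
        results[label] = {
            "smtp_from_anyone": nat.inbound("192.0.2.66", 4444, 25),
            "reply_from_peer": nat.inbound("198.51.100.10", 80, port),
            "third_party_to_mapped_port": nat.inbound("192.0.2.66", 4444, port),
            "unmapped_port": nat.inbound("192.0.2.66", 4444, 8080),
        }
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

In this model the published SMTP port delivers to the inside server for any source in both configurations; the only packet whose fate changes is the third-party one aimed at the dynamically mapped port, and what drops it is the peer comparison, a filtering rule layered on top of the translation.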

