>----------
>From: Carl Karlsson[SMTP:ckn @
findata .
se]
>Sent: Friday, January 03, 1997 11:43 AM
>To: 'Firewalls Mailing List'
>Subject: RE: NT NAT
>
>
>On Fri, 3 Jan 1997, Russ wrote:
>
>> You got anything intelligent to say on just why you think NAT offers ANY
>> SECURITY AT ALL??? I can't wait to hear it. I mean ANY SECURITY AT ALL.
>
>I'd like to know if and why this means that masquerading one's network
>behind a 'secured' host doesn't provide any added security from just
>connecting the network straight out? Or am I missing something here (not
>unusual :)?
>I was under the impression that if I use some box (Linux with TIS fwtk for
>example, or that NT box perhaps?) masquerading my network and using
>192.168.x.x-addresses inside, I would be at least a little bit more secure
>than if had all my w95/nt/unix machines directly connected to the
>internet?
A hacker will know if those machines are there or not... Most people who
don't know too much about the net wouldn't think anything of there
possibly being more machines behind the firewall... however, hackers
will..
I suppose you could toss this under the 'security through obscurity'
theme, but.... time has taught us that doesn't work. Hackers are very
curious beings and will find just about anything, no matter how well you
think you've hidden it. Machines that are masqueraded? That's nothing.
The people that wouldn't even think about anything being hidden that way
wouldn't be able to hack the machines anyway. That's my opinion anyhow,
and I'll stick to it.
>(Not talking super-secure here, not flaming anyone, but just interested!
>Pointers do nicely if this is already well-known...)
No, not talking super secure.... but that's the type of security that
the only people that would be fooled wouldn't know how to hack those
hidden machines anyway.
|
|
