[TriLUG] Adding to the list of topics: IPv6
Brian Weaver
weave at oculan.com
Thu Jan 22 15:38:38 EST 2004
I prefer to look at NAT as not delegating an entire set of machine as
second class citizens. Instead I tend to think of the machines behind
NAT/Firewall as children not yet battle hardened enough to handle the
real world. A prime example is my wife's Windows box. It just isn't
ready for all the bullies on the net. Anti-Virus software is like using
tissue paper for a bullet proof vest. If the bullets a dud you are all
right, if not then pray for a poor marksman.
NAT is no excuse for poor internal security, but it does allow a certian
amount of flexibity and breathing room on internal systems. Think of it
as a gated community. Only a truely skilled and determined thug can get
in to bang on your door (unless you've left the gate open of course).
-Weave
Tanner Lovelace wrote:
> Mike Johnson wrote:
>
>>
>> So? There are not ~ 4.3 billion 'servers'. Never will be. From my
>> workstation, I don't need to have a direct conversation with your
>> workstation.
>
>
> Not necessarily. For reference, note that SpeakFreely is being
> withdrawn, mainly because of problems dealing with boxes that
> are only connected through NAT. NAT, for all the good things it
> gives, does delegate an entire set of machines as 2nd class net
> citizens. So, you have to look at the tradeoffs in the current
> system and decide what you want, but just saying that NAT is unqualifiably
> good is not the way to go.
>
> Cheers,
> Tanner
>
More information about the TriLUG
mailing list