Comment by kstrauser
5 days ago
It’s right up there with “NAT == security”, which is also disappointing for here. It’s not so much the sentiment, as how confidently it’s asserted.
5 days ago
It’s right up there with “NAT == security”, which is also disappointing for here. It’s not so much the sentiment, as how confidently it’s asserted.
Without NAT my computer isn't on the internet, because my ISP only affords me one IP which my router uses. If it's not on the internet, and adversary can't send my computer any packets.
With NAT, an adversary can't send my computer any packets either unless I explicitly set up port mappings.
So, if you can't send my computer any packets, how is it not providing security?
Of course, it doesn't provide full security like a firewall can do, since there's ways to punch holes in the NAT from the inside. But it seems just as incorrect to fully dismiss "NAT == security".
NAT provides some functional security. It is not a replacement for a proper firewall.
My question with all of the lovely IoT devices that rely on that same mechanism is. Why would you even care about connection from outside? Shouldn't you also be secure against inside? Trusting on NAT alone is idiotic and foolish. If you want to protect a port do it properly in the first place. No excuses.
> Why would you even care about connection from outside?
Because if those nice IoT devices were reachable from the internet they could be compromised easily due to their likely shitty firmware with backdoors and hardcoded passwords.
> Trusting on NAT alone is idiotic and foolish.
Sure, but that's a far cry from saying NAT provides no security.