[e2e] Re: NAT usage at large companies
Valentin Ossman
Valentin at TehutiNetworks.com
Sat Oct 19 02:07:39 PDT 2002
The only way to really secure the network is to establish IPSec tunnels
en-to-2nd between all the servers and workstations.
--
Best Regards,
Valentin Ossman
Tehuti Networks
Fax: +1 (763) 201 3225
mailto:Valentin at TehutiNetworks.com
http://www.TehutiNetworks.com
> -----Original Message-----
> From: end2end-interest-admin at postel.org
> [mailto:end2end-interest-admin at postel.org] On Behalf Of David P. Reed
> Sent: Friday, October 18, 2002 10:20 PM
> To: RJ Atkinson; end2end-interest at postel.org
> Subject: Re: [e2e] Re: NAT usage at large companies
>
>
> At 02:27 AM 10/18/2002 -0400, RJ Atkinson wrote:
> NAT without some other kind of security (e.g. stateful packet
> >inspection firewall) does not provide meaningful security.
>
> I'll take that, and raise you 5 - stateful packet inspection doesn't
> provide meaningful security either (if you can figure out how
> to set it up
> correctly in the first place, you gain no benefit unless you
> carefully
> control what is on the "inside" of the firewall. A good
> first step: no
> Microsoft application software (such as Outlook or Word). A
> good second
> step: no Microsoft networking code, such as NetBIOS over TCP.
> A good third
> step: no users.).
>
>
More information about the end2end-interest
mailing list