this post was submitted on 24 Jun 2024
683 points (97.9% liked)

Programmer Humor

32495 readers
49 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] AceBonobo 3 points 4 months ago (17 children)

Why do you say NAT doesn't make a network more secure?

[–] [email protected] 6 points 4 months ago (11 children)

It wasn't designed for a security purpose in the first place. So turn the question around: why does NAT make a network more secure at all?

The answer is that it doesn't. Firewalls work fine without NAT. Better, in fact, because NAT itself is a complication firewalls have to deal with, and complications are the enemy of security. The benefits of obfuscating hosts behind the firewall is speculative and doesn't outweigh other benefits of end to end addressing.

[–] AceBonobo 1 points 4 months ago (10 children)

The main benefit of a NAT is that by default it prevents all external access to the hosts inside the network. Any port you have open is not accessible unless explicitly forwarded.

This has a lot of security benefits. Regardless, everything you said is sounds true to me.

[–] [email protected] 1 points 4 months ago (1 children)

Yeah, no. If remote hosts could not send traffic to hosts behind NAT almost nothing would work.

The hacks employed to make NAT work make security worse, not better.

[–] AceBonobo 1 points 4 months ago* (last edited 4 months ago)

You're talking about NAT traversal? We do have control over which we apps we run though?

Edit: apparently NAT is full of bugs

load more comments (8 replies)
load more comments (8 replies)
load more comments (13 replies)