
I have seen a lot of people telling others that a NAT gateway acts as a kind of passive firewall and helps a little bit with (home) security, since your ports are not directly reachable from the internet.
Now it seems that with certain browsers, and with the current architecture of most RFC1918 networks, there is a high tendency for (bad) things to happen, like IP collisions. This also applies to VPN networks, and it has severe implications from a security point of view. Have a look at this research published by Robert Hansen (aka RSnake).
The paper describes the limitations of the attacks and the specific conditions that would make them possible. It is prudent to review the paper and see if this applies to you.
(Photo under creative commons from andy castro's photostream)
Thursday
NAT is not a security feature. RSNAKE releases RFC1918 paper
Posted by Security4all at 11.6.09
Labels: vulnerability