• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Organisations that don't use NAT

StinkyPinky

StinkyPinky

Diamond Member
For work I've come across a couple of large networks that don't appear to use NAT. Usually a university of some sort. All the clients tend to have a public non-private range (often class b) which I presume they purchased in bulk years ago when such things were easy to do.

I'm by no means a networking expert but why isn't this a security risk? Wouldn't that leave each client PC exposed directly to the internet? Is there some inherent advantage to not using NAT that I'm not aware of?
 
Even without NAT, there is presumably a firewall in place to restrict traffic in/out to the internet. Think about how IPv6 works. There is no NAT with IPv6, so every client will get a publicly routable internet IP. You can still restrict what IPs can talk between each other with a firewall or router ACL.
 
The only main danger is someone DDOSing a known IP or something like that....but there are measures that can be put in place.

With IPv6, NAT will be a dinosaur. Even your USB stick may have an address.
 
alkemyst said:
The only main danger is someone DDOSing a known IP or something like that....but there are measures that can be put in place.

With IPv6, NAT will be a dinosaur. Even your USB stick may have an address.
Click to expand...
nanobots.png


Heh.
 
I will believe IPv6 when I see it. No one wants to use that thing. The only reason we are "out" of IPs is people like the OP designed their networks wrong.
 
NAT != security. It's security through obfuscation. NAT without any other services doesn't help you at all.

You can have stateful packet inspection, layer 7 inspection, IPS, IDS, etc, etc, all without requiring NAT.
 
As others are pointing out, NAT is NOT security. NAT is only for translating addresses to other addresses, it gives some security through obscurity but is no replacement for a true firewall.
 
yinan said:
I will believe IPv6 when I see it. No one wants to use that thing. The only reason we are "out" of IPs is people like the OP designed their networks wrong.
Click to expand...

When I started at my current company they had a /22 block of IP addresses and were using some as internal addresses because someone designed it that way a long time ago (mid 90s). That promptly was changed at the earliest possible opportunity.
 
You must log in or register to reply here.
Back
Top