On 29 Nov 2013, at 04:03, "Brian Schenkenberger, VAXman-" <system at
TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
{...snip...}
It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh.
NAT doesn't necessarily provide you or buy you any better security.
Well, not necessarily, but if you're the type to leave 20 services open on your box and
you're doing it on a NAT'd network with no port forwards, those 20 services won't be
internet visible. I was being a bit sarcastic there because soon ISPs will start charging
extra for non-NAT'd service I think, as the free IP pool gets shallower and
shallower.
So NAT for n00bs = good. It doesn't expose their machine directly to the internet.
Especially if you get the box from the ISP like most people in the UK, they could lock down
UPnP and any internet-facing management ports, and the "crazy amount of open
services" problem is gone.
Of course a less than brilliant user can go and download something that compromises his
system on the INSIDE of the NAT and makes an outgoing connection, and you're right,
you'd need a firewall (or competence) to stop that.
Sampsa