by dspillett
4748 days ago
That doesn't increase security unless your baseline is broken. All NAT is potentially replacing from a security perspective is a single default drop (or default reject) rule, which should have been there to start with. While it could be argued that NAT adds an extra layer to security-in-depth by making it harder to accidentally open things up by missing out the default drop/reject rule, I'd argue that all the faff that NAT can create by making it difficult to arrange point-to-point connections where they are actually desirable is not worth that little bit of protection against failing to configure the firewall correctly.