Both of those statements are wrong. It provides benefits to the user and it's no more of a security vulnerability than having any other networking protocol is.

If anything, v4 is more of a vulnerability because it's so easy to scan and because NAT increases the complexity enough that most people don't understand how their networks work.



I didn't say NAT is a security feature. I said developers use NAT to benefit security. The security benefit of NAT is that it forces developers to assign a predictable, private IP address to each device/container/vm/box behind its "firewall," which the gateway can then use for enforcing QoS policies or port whitelisting. Sure, you can do this on IPv6. But IPv6 is more complicated to implement, because all tools support IPv4, and only some support IPv6.

Whether or not NAT was designed with security in mind doesn't matter.

Using NAT increases security simply by having deny by default.


NAT absolutely is security. It prevents naming a resource that an attacker shouldn't have access to, which is the fundamental principle behind many successful security schemes: capability models, containers / virtualization, MMUs, etc.

Sure, there are implementation flaws (as there have been in other such schemes), and sure, just clicking a NAT button and walking away doesn't get you security any more than just clicking a capability or virtualize or MMU button gets you security. But it's a powerful and solid building block, and the Internet is a better and safer place because of widespread use of NAT.


NAT isn't a security feature. It's forced on users when their ISP only allocates one IPv4 address per site.

> NAT not being designed for security does not negate the effect of security it does have.

This is true... but the security impact of NAT is negative. It provides no security benefit, but it does confuse people about the security properties of their network, often providing a false sense of security.


for some use cases. for example, most home users are behind ipv4 NAT because of their wifi routers. nobody really notices a problem.

Rubbish. IPv4 NAT is not a security feature.

imo the protection is real and a good tradeoff for a research project to become a mass medium (i.e. clients usually don't want incoming connections from the internet[1])

don't get me wrong, i like a global address space as much as the next internet native, but it's not for everyone to pay the price for it and nat makes it easy to opt-out of a large portion of the problem space.

[1] my university used to give public-routed v4 to students connecting their winxp laptop to the network; guess what happened


> It isn't. The arguments that it is a 'myth' boil down to arguments that it isn't perfect and doesn't protect against every attack. Well, guess what: no security measure is perfect and no security measure protects against every attack.

Except NAT provides absolutely no security, and complicates your network setup, thus making it more prone to configuration errors and other attack vectors due to complexity.

> At the very least, a secure IPv6 network will need to hide end user addresses somehow, because giving everyone a unique, globally-addressable and trackable ID is a security showstopper.

That is called privacy extensions. Also, it's pointless if you allow cookies in the browser.


You don't need a static address or block to NAT and for the internal side there is private space just like v4.

I agree - that line from the article makes no sense. Not having NAT is awesome because NAT is a nasty hack that doesn't add any security.

The tunnelling scenario is valid though - because they add quite a bit of latency so you might not want to use it for everything.


NAT is for stretching IPv4. That's it.

As far as security goes, firewalls don't require it. Not only that, but I share the admittedly minority opinion that firewalls are a crutch for bad system security and that we should be working to fix that problem. A system that requires a firewall to be secure is broken.


> NAT automatically prevents attackers from scanning for and attacking listening ports on the hosts behind it. Given that those who want a service to listen to the Internet should also know enough to forward the ports, I'd say it's a pretty important security benefit and one that has greatly slowed the spread of worms.

So does a few lines of iptables (which work just as well with IPv4), which even most ISP routers that support IPv6 have managed to get right. On the other hand the workarounds for when you actually do want to accept connections through a NAT (cough UPnP) have been consistently misconfigured or had implementations which are simply vulnerable.
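The "few lines of iptables" point above, written out as an added example (not from the thread or any poster): an nftables ruleset for a dual-homed IPv6 router that drops unsolicited inbound traffic by default, the property the thread credits to NAT, with no address translation involved. Interface names `wan0` and `lan0` and the `2001:db8::10` host are assumed placeholders.

```nft
#!/usr/sbin/nft -f
# Added example, not part of the original discussion. Assumes the upstream
# interface is wan0 and the inside interface is lan0; adjust to taste.
# Only this table is replaced, so unrelated tables are left alone.
table ip6 filter
delete table ip6 filter

table ip6 filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # ICMPv6 is not optional on v6: neighbour discovery and PMTUD
        # break without it, so allow the essential types explicitly.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem, echo-request,
                      nd-router-solicit, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert } accept
        # DHCPv6 client traffic from the ISP (server port 547 -> client 546)
        iif "wan0" udp sport 547 udp dport 546 accept
        # Router management reachable from the LAN side only
        iif "lan0" tcp dport { 22, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Inside hosts may initiate anything outbound; replies come back
        # via conntrack above. This is the "deny by default" behaviour
        # NAT gives as a side effect, here stated as an explicit policy.
        iif "lan0" oif "wan0" accept
        # Forward the ICMPv6 error types so PMTUD works end to end
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem, echo-request } accept
        # A "port forward" is just an accept rule on the host's real
        # address; no UPnP, no rewriting. Placeholder address below.
        iif "wan0" ip6 daddr 2001:db8::10 tcp dport 443 accept
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Check the file with `nft -c -f ruleset.nft` before loading it with `nft -f`, and confirm with `nft list table ip6 filter` that both the input and forward chains show `policy drop`.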


NAT actually makes security harder to reason about.

For example, did you know that NAT doesn't prevent inbound connections? At least in v6 people are more likely to realize that, yes, they do need a firewall.


It’s wrong to say NAT provides no security. NAT does provide some security, it’s just uncertain, unreliable and has no effect on outbound connections.

While I understand the sentiment, NAT does so much to protect most users, it should be considered a security feature.

If configured correctly, sure, that's why I use one. I also realize that most random people don't have the technical savvy to configure one to be anything other than effectively a NAT gateway.

The fact that something else can also provide that security benefit in no way means that NAT doesn't provide some security benefit. It does.


The whole point of using NAT is that you want to be part of the one network but can't get enough address space for your bit of it. If you didn't, you wouldn't even have routing to the Internet in the first place and therefore would have no need for NAT.

It's perfectly fine to run a separate network. You can do that and still access Internet hosts easily by having one machine that's on both networks and running a proxy on it.

But nobody wants to do that. Almost everybody actually wants to be able to route to the Internet and back, so they set a router up to join the networks, and then (on v4) they have to NAT because nobody will give them enough v4 space for their network.

Unfortunately there's a severe lack of understanding of basic networking concepts and of what routing and NAT are doing, even in people who work in the field.


While NAT does not provide perfect security, it is a component of security in networks where most people have no idea how to harden their systems or devices. It somehow gives me comfort to know that no one can just scan the net to find my phone, as I'm not sure if it would be vulnerable.

I still don't see a reason for the average consumer to have a static, reachable IP for their devices. I see privacy concerns but no advantages.
