Patrick -

I've said it before, and I'll say it again: NAT is not
a security solution, but a convenience (I know, you still
have the firewall, but this is for your routing people). :-)

As far as logging is concerned, I would hope that your
firewall's logs would contain data on the interface the
packet was received on, which should help you keep track
of where attempted security breaches are coming from.
(Connection attempts coming from external hosts would
also be a clue in your case, if I understand your setup correctly.)

Unless your log file format is just not that robust, I don't
see any security problem with it.

hth

Valerie

> From: "Kelly, Patrick" <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: Placement of NAT in relation to firewall logs
> Date: Tue, 8 May 2001 15:40:05 -0500 
> 
> I have seen the scenario where clients insist on doing NAT at the perimeter
> router.  This leads to the firewall being configured
> with private IP addresses on 'external' and 'internal' interfaces.  The end
> result is no way to log or monitor from the firewall any access attempts
> from public IP address sources.  The client insists that this is due to the
> fact that no one can get through the NAT of the router.  I think all that
> has happened is the masquerading of intrusion attempts from the NAT of the
> router.  Anyone have any comments regarding the placement of the NAT at the
> router on security vs. logging?  Any fresh viewpoints would be welcome.
> 
> Patrick Kelly
> CMS Information Services, Inc.

--
Now Appearing as Widow Dimple in:  "The Perils of Sweet Polly Dimple"
and the Gaslighter Theater's  Nearly World  Famous  Vaudeville Revue! 
http://www.gaslighter.com/ Now - June 30, 2001. Tickets: 408.866.1408 