When NAT is configured at the firewall to allow the public to access a web server, it is a Static NAT, which basically tells the firewall to forward all traffic destined to the global address of a web server to the internal address that is unknown to the public. All traffic is passed through and therefore it will not prevent a hacker from penetrating the server. It will, however, hide the IP addresses of all other internal servers, preventing hackers from accessing those servers directly from the internet.

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 19, 2002 6:27 AM
Subject: NAT and Web Server Security

> We're about to put a public web server on DMZ sitting behind a Tier 1
> firewall and only allow http, ssl to it. We intend to assign a public IP
> address to this server and no NAT'ing is done on the firewall for this
> address (NATing done for internal network on Tier 2 firewall).
>
> It has been suggested that without NATing, it is possible for a hacker to
> compromise this server and pretend to be our company...
>
> 1) While NAT addresses some security issues, doesn't this specific risk
> exist regardless of whether NAT is employed or not?
>
> 2) If NAT does help in this case, I'd appreciate comments as to how
>
> 3) Is there any good reading material on NAT security - specifically,
> what it can and can't protect against. The stuff I've read doesn't seem
> to talk about NAT in this context.
>
> Thanks
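
A small model of the point made in the reply above, as an added example that is not part of the original messages: static NAT only rewrites the destination address, so traffic on an allowed port reaches the web server with or without NAT, while internal servers without a mapping stay unreachable. All addresses and the helper names `inbound` and `compare` are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses for illustration; none of them come from the thread.
PUBLIC_WEB = ip_address("203.0.113.10")   # global address the public connects to
DMZ_WEB = ip_address("10.0.1.10")         # web server's internal address
INTERNAL_DB = ip_address("10.0.2.20")     # another internal server, no NAT mapping
PRIVATE = ip_network("10.0.0.0/8")
STATIC_NAT = {PUBLIC_WEB: DMZ_WEB}
WEB_PORTS = {80, 443}                     # http and ssl, as in the question


def inbound(dst, dport, nat, ports):
    """Model one packet arriving from the internet (hypothetical helper).

    nat:   dict of public -> internal mappings, or None when the server
           holds the public address itself (no NAT on the firewall).
    ports: set of allowed destination ports, or None for no port filter.
    Returns the address the packet is delivered to, or None if dropped.
    """
    dst = ip_address(str(dst))
    if dst in PRIVATE:
        return None              # private space is not routable from the internet
    if ports is not None and dport not in ports:
        return None              # dropped by the port filter; NAT plays no part
    if nat is not None:
        return nat.get(dst)      # static NAT rewrites the destination, or drops if unmapped
    return dst if dst == PUBLIC_WEB else None


def compare():
    """Run the cases discussed in the thread and return the delivery results."""
    return {
        "http, nat + filter": inbound(PUBLIC_WEB, 80, STATIC_NAT, WEB_PORTS),
        "http, no nat + filter": inbound(PUBLIC_WEB, 80, None, WEB_PORTS),
        "ssh, nat only": inbound(PUBLIC_WEB, 22, STATIC_NAT, None),
        "ssh, nat + filter": inbound(PUBLIC_WEB, 22, STATIC_NAT, WEB_PORTS),
        "http to internal server": inbound(INTERNAL_DB, 80, STATIC_NAT, WEB_PORTS),
    }


if __name__ == "__main__":
    for case, delivered in compare().items():
        print(f"{case:26} -> {delivered or 'dropped'}")
```

The HTTP request is delivered in both the NAT and no-NAT configurations, so the web server's exposure on ports 80 and 443 is the same either way; only the port filter changes what reaches it.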
