Byte.com: Is NAT Enough Security?Dec 06, 1999, 21:32 (4 Talkback[s])
(Other stories by Jon Udell)
"But is NAT, alone, really sufficient? A true firewall does stateful packet inspection. A lot of cracking exploits rely on the fact that unexpected outbound traffic is never filtered, hence the need to correlate what goes outbound with what came inbound...."
"I've always been a big fan of network appliances. The first one I fell in love with was the Cayman Gatorbox, which was nominally an Ethernet/Appletalk router, but could also make UNIX NFS servers look like AppleShare servers. When it arrived at Byte.com, we just plugged it in, enjoyed the services that it provided, and that was that."
"When it comes to firewalls, convenience isn't the only virtue of an appliance-like solution. When I read O'Reilly's classic "Building Internet Firewalls" by D. Brent Chapman and Elizabeth Zwicky, I was depressed for about a week. Why?..."