Are ACLs necessary with PAT?

Bob Smith
Level 1

I've been deploying Cisco routers for the longest time now, and I was curious: how necessary is it to apply ACLs to the WAN interface with a single NAT overload (on Vlan1)? I was under the impression that NATting alone provided the necessary security that you would get by applying the standard ACLs within a network (e.g. incoming TCP/UDP connections wouldn't be accepted, as they have nowhere to route to).

1 Reply

Hello Bob,

NAT does hide details of your inside network, and it may also slow an attacker down, but it won't stop reconnaissance attacks that determine the IP ranges of your site and what hosts/services are available via port scanning.

If the hacker has the expertise, they could do a lot of harm with all this information; that's why we should use all the necessary tools available to us to try and avoid or at least make it much harder for them to gain access to that information.

NAT should be deemed as a very, very weak form of security.

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
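
The setup discussed in this thread, sketched as an IOS configuration with an inbound ACL added on the WAN interface. This is an added example, not configuration posted by either participant; the interface names, the ACL name `WAN-IN`, the inside subnet and the documentation-range WAN address are all assumptions.

```cisco
! Constructed example. Addresses, interface names and ACL names are
! assumptions and do not come from the thread.
!
! PAT as described in the question: inside hosts on Vlan1 share the WAN address.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Inbound WAN filter. PAT only creates translations for sessions that inside
! hosts start, but packets addressed to the router's own WAN address are not
! filtered by PAT, so any service the router itself runs stays reachable
! unless an ACL says otherwise.
! This is stateless filtering: "established" matches TCP segments with ACK
! or RST set, and the UDP line admits replies from source port 53 only.
ip access-list extended WAN-IN
 permit tcp any any established
 permit udp any eq domain any
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny ip any any log
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group WAN-IN in
```

The final `deny ip any any log` line makes dropped inbound packets visible in the router log, and `show ip access-lists WAN-IN` shows per-entry match counters.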