This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
Legend Legend
Legend
‎2022-01-25 07:58 AM
In response to Libor_Kovar

I suppose an argument could be made that NATting inbound traffic into a privately-addressed DMZ does provide some "security through obscurity" by hiding the server's true inside address from the outside world.  In some cases this true address will need to be known when trying certain types of exploit attempts against the server.  However there are so many ways that web servers in particular can leak their true IP address through error pages and such I'd say NATting really doesn't provide much security benefit, increases the complexity of the network slightly, and incurs some extra NAT processing on the firewall.

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm

View solution in original post

(1)
Who rated this post