1,234
edits
Changes
→NAT as a security tool
In order to allow access to a machine on a private subnet you have to make a whitelist on the router, with every explicit service that's supposed to be accessible on your internal machine. All things being equal - a whitelist provides a greater level of security than a blacklist.
And at the end of the day if you screw up the setup of your router: the worst thing that will happen is that your internal service will be inaccessible. From a security point of view that is much better than a screwup with a firewall (on each system on a network) which can make ''every system and service'' accessible to ''everyone on the internet''.
= PART 3: YOUR TASKS =