NAT first and foremost means using private address ranges as opposed to being reachable on a public address. Sure a properly configured firewall would protect against many scenarios where NAT does not. Still, when somebody asks me whether they should flip the NAT switch on their router at home, I will say "yes it protects you". And that's true.
A compromised upstream is a whole other league from most threats. At that point you've got to think about physically hardening your network equipment because the people who attack your ISP's network equipment would probably find it worthwhile to sneak into your home to compromise your network directly.
A compromised upstream is a whole other league from most threats. At that point you've got to think about physically hardening your network equipment because the people who attack your ISP's network equipment would probably find it worthwhile to sneak into your home to compromise your network directly.