[fw-wiz] Benefit of firewall over NAT-only 'protected' network

From: Hugh Blandford (hugh_at_island.net.au)
Date: 05/28/03

  • Next message: Sutantyo, Danny: "RE: [fw-wiz] IPSEC(sa_initiate): ACL = deny; no sa created" 
    To: <firewall-wizards@honor.icsalabs.com>
Date: Wed, 28 May 2003 10:35:04 +1000

    Hi all,

    could someone explain the vulnerabilities in a network that is only
    'protected' via NAT. I'm thinking about very small 1-3 person offices or
    SOHO/home environments connected via an ADSL router providing NAT
    functionality.

    Please take into consideration that if they had a firewall, it would be
    setup to allow all outbound traffic and let the 'responses' back in. There
    are no static inbound port or IP translations, no servers running on the
    inside. Issues such as change control and management should be ignored.
    I'm aware that they would benefit from proxy servers etc but most firewalls
    that are purchased by these small sites don't have that capability anyway.

    So any thoughts would be appreciated.

    Thanks,

    Hugh

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Sutantyo, Danny: "RE: [fw-wiz] IPSEC(sa_initiate): ACL = deny; no sa created"

    Relevant Pages

    • Re: NAT is not a mechanism for securing a network.. but.. HELP!
      ... For years I have heard people claim that NAT could be circumvented ... > packet is routed. ... but the only outside network I have access to right now ... > Firewall is a term, most people use other than it was intended. ...
      (comp.security.firewalls)
    • Re: How to get my Dads Win2k system to access internet through my FreeBSD 6.2 system
      ... Windows 2000 machine with a network card but does not have a connection ... establish that there exists basic network connectivity between your ... you will want to configure your FreeBSD machine as a NAT gateway. ... of NAT functionality is usually a function contained within a firewall. ...
      (freebsd-questions)
    • Re: Using a Linksys router, should I also use Zonealarm? Internet Acceptable Use Policy
      ... my browser's access to the Internet is restricted. ... I thought it was the company's firewall extending a slap on my ... > public internet to access corporate network. ... > NAT is Network Address Translation. ...
      (microsoft.public.security)
    • Re: Firewall Questions
      ... No firewall. ... > sketch their idea of what they saw as a new network plan. ... > They want this firewall to be in NAT mode where everything in the LAN ...
      (comp.security.firewalls)
    • Re: XP firewall and printer sharing
      ... the NAT box. ... Your NAT network presumably has a network ... router via your known NAT hub, ... firewall, which is the case for some wireless LAN/ADSL ...
      (microsoft.public.windowsxp.security_admin)