RE: [fw-wiz] Home Environment Cisco
From: Noonan, Wesley (Wesley_Noonan_at_bmc.com)
Date: 05/30/03
- Previous message: James Baumgardner: "RE: [fw-wiz] Home Environment Cisco"
- Maybe in reply to: Nathan: "[fw-wiz] Home Environment Cisco"
- Next in thread: Jeremiah Cornelius: "Re: [fw-wiz] Home Environment Cisco"
- Reply: Jeremiah Cornelius: "Re: [fw-wiz] Home Environment Cisco"
To: "'hermit921'" <hermit921@yahoo.com>, firewall-wizards@honor.icsalabs.com
Date: Fri, 30 May 2003 16:23:54 -0500

Filtering outbound... stateful inspection... DoS controls in place... proxy
filtering... SMURF, Flood, Teardrop, Land and exploit prevention, most of
the ICSA labs requirements... other than that, it sounds great!! :-(

Sometimes I think that GRC, NMap and Nessus are the worst security tools out
there. People run them, get negatives and think "wow, I must really be doing
great". Unfortunately it seems that a lot of folks seem to think that as
long as GRC "Shields UP" says everything looks good, it is.

I really wish the NAT proponents would read the RFC where the authors
themselves condemn NAT as a security solution in and of itself. It is a
great component of a security solution, but it is not alone a solution. If
the folks that authored it realize this, no offense but I doubt any of us
here are bright enough to find a flaw in that logic.

Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan@bmc.com
http://www.bmc.com
> -----Original Message-----
> From: hermit921 [mailto:hermit921@yahoo.com]
> Sent: Friday, May 30, 2003 12:29
> To: firewall-wizards@honor.icsalabs.com
> Subject: RE: [fw-wiz] Home Environment Cisco
>
> Given all this discussion, I have to ask about NAT. I have a small Netgear
> DSL router (using NAT) at home. I consider it a great firewall because it
> doesn't let in any packets at all when I run nmap scans from the
> outside. It syslogs to my unix machine. What more could I want in a
> firewall for a home environment?
>
> hermit921
>
> At 10:26 PM 5/29/2003 +0200, Ben Nagy wrote:
> > > -----Original Message-----
> > > From: firewall-wizards-admin@honor.icsalabs.com
> > > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
> > > Of salgak@speakeasy.net
> > > Sent: Thursday, May 29, 2003 9:39 PM
> > > To: nathan.grandbois@cerdant.com; firewall-wizards@honor.icsalabs.com
> > >
> > > > -----Original Message-----
> > > > From: Nathan [mailto:nathan.grandbois@cerdant.com]
> > > > He has a Solaris ultra 60, and two win98 workstations at
> > > > home he wants to be able to communicate, as well as have access to the
> > > > internet (NAT).
> >[deleted]
> > >
> > > Reminder: a 50-dollar router from BestBuy also includes a
> > > Firewall. A Cisco 1600 or 2500-series will not. And NAT is
> > > NOT a firewall.
> >
> >[deleted]
> >
> >I'm not going to run over the NAT / FW discussion again, I think my opinion
> >on the matter is pretty well documented in the archives, but I am more than
> >happy to use _dynamic_ NAT as a pretty effective security mechanism for home
> >users. I do normally back it up with ACLs anyway, but that's just out of
> >general principle.
> >
> >ben
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards