Re: Cable Vs. DSL

From: Chris Berry (compjma_at_hotmail.com)
Date: 04/29/03

    To: security-basics@securityfocus.com
    Date: Mon, 28 Apr 2003 19:20:12 -0700
    
    

    >From: Greg Tracy <greg@sixx.com>
    >Here's a question (I'm relatively new at this).

    Well, you're in the right place, that's a good start.

    >I have a cable connection, with a broadband NAT router which acts as a
    >DHCP server for a variety of clients (Mac, Win2K and Linux). All the
    >machines are given an internal IP address (like the old class C
    >addresses) and the router has the address assigned by the ISP, which
    >is what the clients are seen to have from the internet.

    So basically what you're saying is that you have one public IP address and
    the rest are private non-publicly routable ones divided by your NAT-enabled
    router.

    >Since the router's address is seen as one address from outside, and
    >there's no "host" at that IP address, and it is administered at an internal
    >address inside the network, is there any way for an intruder to compromise
    >my network and get to any of my client machines?

    In short, yes, lots of ways.

    >Is this the best way (other than using a firewall, or in addition to) to
    >make this connection more secure?

    NAT basically provides you with about as much security as your mp3 player,
    which is to say none at all. This is because NAT is not designed as a
    security measure, it's merely a way to broaden the available address pool.
    Here are some basic measures I'd recommend to secure your network:

    1) Firewall
    2) Anti-Virus
    3) Spyware detector for your Windows machines (I like SpybotSD)
    4) Decent passwords on your systems

    Depending on your level of paranoia, there's lots more.

    Chris Berry
    compjma@hotmail.com
    Systems Administrator
    JM Associates

    "Without change, something sleeps inside us, and seldom awakens. The
    sleeper must awaken." -- Duke Leto Atreides
