Re: Software Firewall NAT Router or Both

From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 12/16/03


Date: Mon, 15 Dec 2003 23:39:00 -0000


"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:5vqrtvosv9j4h9noi5qivj055unm6jgkb2@4ax.com...
> On Mon, 15 Dec 2003 13:16:51 -0000, "ClareOldie"
> <ClareOldie@nowhere.ie> wrote:
>
> >K2NNJ wrote:
> >> I am currently running NPF 2003 on a Dell XP machine. When I run the
> >> sygate security test I get all ports blocked. When I run a NAT
> >> router(Linksys BFSR41) without the FW ports 80 and 113 are open. If
> >> I run the FW and the router I get the same results. Ports 80 and 113
> >> are open.
> >>
> >> I have a couple of questions.
> >>
> >> 1. What should I run?
> >> 2. Can I be attacked on ports 80 and 113?
> >> 3. What does a NAT router block?

> >With the router connected the site is testing the Router not your pc.
> >Without the router its your pc that is being tested.
> >I would run both and also look at configuring the router to show all
ports
> >blocked.
> >When using both anything that has slipped by the router is caught by the
> >firewall. The firewall also gives application control on outbound
traffic.

> Yes, you certainly need BOTH

A commonly-stated bit of "wisdom".

Why?

Taking the example of breaking-and-entering on a house, what benefit do
interior door bolts do, given that the burglar is inside the hose, with a
complete set of keys?

OK, so a decent IDS system (e.g. large, hungry rottweiler) can make a big
impression.

But how many people /really/ use them? (I can almost count them on the
fingers of one knee.. ;o)

Not to say that a SPFW isn't a way to justify (to yourself) that last
processor and/or memory upgrade..

-- 
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


Relevant Pages

  • Re: Another LAN problem
    ... I do have an Eicon Diva ADSL Router, configuring its ... firewall is worse than configuring this network. ...
    (microsoft.public.windowsxp.network_web)
  • Re: router
    ... firewall software on a firewall is A Bad Idea), ... *nix box can be more versatile, by including things like DMZ routing ... the opinions expressed in this opinion do not necessarily ... While it's unlikely that my Zyxel-based Netgear router or a generic *nix ...
    (alt.computer.security)
  • Re: A question that has been asked a 100 times before
    ... > Open port scans were showing all ports as stealthed. ... > I have recently bought a US Robotics 5461 router. ... > know very little about it and don't yet know how to set up a firewall. ... the opinions expressed in this opinion do not necessarily ...
    (alt.computer.security)
  • Re: Router wobble
    ... > Trend is a big make here in the UK nearly everyone uses there cutters ... IOW, router is faulty. ... >>> So anyway what are your opinions on this wobble is it acceptable ...
    (rec.woodworking)
  • Re: OT: Recommend me an ISP.
    ... it'd only be a tenner a month for 'unlimited' access) but not too ... keen on the fact you seem stuck with using their router. ... any opinions from you lot? ...
    (uk.games.video.misc)