Re: Systems behind NAT - port scanning etc.
From:Date: 10/30/02
- Next message: Lik Mai Sak: "Re: Router Firewall Recommendation"
- Previous message: DX: "What are these ports?"
- In reply to: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
- Next in thread: : "Re: Systems behind NAT - port scanning etc."
- Reply: : "Re: Systems behind NAT - port scanning etc."
- Reply: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Oct 2002 18:18:39 +1100
Melinda Shore wrote:
> In article <3DBEE599.3ADE483E@yahoo.com>, Lik Mai Sak <alt.test> wrote:
> >Due to the upsurge in broadband, I encourage as many people as possible to go
> >to a router with NAT rather than a cable modem/soft client/ICS setup.
> Really? When someone asks me how to tell whether or not a
> consultant is any good, I tell them to ask about NAT.
So what exactly is your problem with NAT? It does what it does, translate
addresses/ share a single(+) WAN IP. Some people incorrectly say "it's a firewall"
because it blocks certain traffic. Some vendors implementations are crap, some are
good.
A well configured* and implemented NAT based router is less vulnerable than a
software firewall. Ever had a virus delete your router? Or a buffer overflow**? Or
a memory leak.
> It's a sure thing that someone who recommends NAT as a
> security device doesn't understand IP or security.
And clients *do* understand security? Ever tried explaining security to the
clueless twits that use computers? A good consultant can explain things to a
client, in terms their little minds can comprehend. Too much technobabble and they
switch off. Telling a client to "go read RFCeditor.org" or subscribe to bugtraq is
not good sense.
> >What would you recommend as an alternative with similar price/performance?
> Firewall, no NAT.
> Melinda Shore - Software longa, hardware brevis - shore@panix.com
Not a router with filtering/access control/NAT/SPI to a multihomed box running
Firewall/Logging and proper security enabled?
E.
*like the old argy about Linux vs MS. It's the twit that builds it that ultimately
determines the level of security.
** I know. Don't say it.
- Next message: Lik Mai Sak: "Re: Router Firewall Recommendation"
- Previous message: DX: "What are these ports?"
- In reply to: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
- Next in thread: : "Re: Systems behind NAT - port scanning etc."
- Reply: : "Re: Systems behind NAT - port scanning etc."
- Reply: Melinda Shore: "Re: Systems behind NAT - port scanning etc."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
