Re: Misconceptions

From: Coercitas Temet'Nosce (coercitas@hotmail.com)
Date: 01/13/03


From: "Coercitas Temet'Nosce" <coercitas@hotmail.com>
Date: Mon, 13 Jan 2003 22:30:37 +0100

Hello JR,

What you said is really valid and surely may help many ppl understand what
is what, I admit Firewalls and Routers aren't the exact same thing (of
course they aren't). Now, I fail to see the point of your post. Someone
asked if a router can be an effective line of defense, surely comparing it
with a firewall because of the post title. Here is his post:

"A friend told me that a cheap router is a great way to protect
yourself from hackers. Is this true? I have a cable modem and I am
concerned about hackers. I am using the trial version of Norton
Personal Firewall, I wonder if that program is any good? Also, if a
router is the way to go, can someone recommend a good, cheap one. I
only have one computer in my home.

Your help is appreciated and thanks in advance for it.

Mark"

I don't see any part of this post stating a router IS a firewall, I clearly
see a clever title wondering if a router can be a firewall (actually, I
found this title really smart and I even answered something, can't remember
what). Further answers were kinda confusing btw. But the initial post was a good
one and surely something many readers wonder themselves, it is NOT stated
that a router is a firewall, only asking if a router "is a great way to
protect yourself from hackers", which is a solid question, don't you think?

Imagine you don't know at all what a firewall is, what a router is or what a
virus is, not to mention you aren't even aware someone can hack your box
just to feel himself so powerful. A friend of yours tells you everything he
knows (and surely as accurately as he can), you remember some words you don't
correctly understand and you wonder what the hell he said to you...you find
this forum and try to read as much as you can to ask a quite clever question
(the one that was asked was NOT a stupid one, really not)...Do you think
your question will be as smart as his?

Try something else: find someone who knows how to pilot a plane, ask him to
teach you, and then, try to fly...

You'll love your bus stunt I think :o)

"JR" <notlikely@nowhere.com> wrote in message
news:LnAU9.46186$L47.6959148@read2.cgocable.net...
> What some contributors to this newsgroup seem to need, is a better
> understanding of the devices and technologies commonly referred to here.
>
>
>
> There seems to be some confusion on what does what. In
> comp.security.firewalls FERRANTE (Mark) recently asked "Is a router a good
> firewall?" That is akin to asking "is a bus a good airplane". Just
> because a bus can fly off a cliff or perform a stunt as in the movie
> "Speed", does not qualify it as an airplane!
>
>
>
> True routers route traffic much like the old railroad turntables
> (http://www.railroadextra.com/roundtab.html) were used to redirect
> locomotives when there was more than one path they could take. If there are
> only two pieces of track leading to the turntable, then the routing function
> is void and simply becomes a relaying function.
>
> Routers can implement "access control lists", a rudimentary form of
> filtering, but that does not make them a "firewall".
>
>
>
> NAT can be implemented on many routers, but only on stub network (the last
> leg of a route, usually a private/office network) routers. The original
> intent for NAT (see RFC1631) was a stop gap measure to overcome the
> increasing shortage of legitimate IPs (RFC1918). The fact that internal
> private address ranges were masked from public view was a side benefit as a
> result of the translation, not an intentional security measure.
>
>
>
> Routers are NOT firewalls. Firewalls implement security policies or rules
> and work closely with routers or routing functions. Firewalls either allow
> or deny packets based on the implemented rules. Any good firewall uses SPI
> (Stateful Packet Inspection) and PAT (Port Address Translation) as opposed
> to its lesser cousin NAT.
>
> Routers do not use SPI and PAT. If they do, then they are Router/Firewalls.
>
>
>
> Routers and Firewalls do not perform any anti-virus functions. These are
> handled by (surprise, surprise) anti-virus programs, which should be on the
> individual client machines if the firewall/router/NAT functions are on a
> separate, dedicated machine (as opposed to a network consisting of one
> computer). Anti-virus programs use pre-defined virus signatures and
> heuristic methods (on the better ones).
>
>
>
> A NIDS (Network Intrusion Detection System) is just that. It can be a
> combination of programs that alerts the system of attempted intrusion. For
> example, receiving a stream of FIN packets is not normal, and is therefore
> reported by the NIDS as a possible port scan, normally the prelude to an
> attack. Although Black Ice NIDS apparently has heuristic capabilities, that
> would be an anti-viral component working in conjunction with the NIDS, but I
> am not experienced with Black Ice.
>
>
>
> This rant is not meant to insult or offend anyone, but it would be nice to
> keep facts and information somewhat correct.
>
>
>
> If anyone finds the above info incorrect, let me know, and back it up with
> VALID documentation.
>
>
>
> If I screwed up anywhere...well...I guess it just sux2B_me :-)
>
>
>
> JR
>
>
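
The distinction drawn in the quoted post between a router's access control list and stateful packet inspection, as an added example that is not part of either post: a per-packet rule set and a connection-tracking filter judge the same constructed trace. The rule set, class and function names, addresses and ports are all hypothetical, and the model ignores timeouts and the full TCP state machine.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" (LAN -> Internet) or "in".
Packet = namedtuple("Packet", "direction src sport dst dport flags")

LAN_HOST = "192.168.1.10"   # constructed private (RFC 1918) address
WEB = "203.0.113.5"         # constructed documentation address


def stateless_acl(pkt):
    """Hypothetical router-style ACL: each packet is judged on its own."""
    if pkt.direction == "out":
        return True
    # Inbound TCP passes if it merely *looks* like a reply (ACK or RST set).
    return bool({"ACK", "RST"} & set(pkt.flags))


class StatefulFilter:
    """Minimal connection tracking: inbound must match a tracked flow."""

    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            # Remember the flow as opened by the inside host.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: the reversed 4-tuple must belong to a flow we opened.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def compare(packets):
    """Return one (stateless_verdict, stateful_verdict) pair per packet."""
    spi = StatefulFilter()
    return [(stateless_acl(p), spi.allow(p)) for p in packets]


# Constructed trace: an outbound connection, its genuine reply, then two
# unsolicited inbound segments, one of which merely has ACK set.
TRACE = [
    Packet("out", LAN_HOST, 40000, WEB, 80, ("SYN",)),
    Packet("in", WEB, 80, LAN_HOST, 40000, ("SYN", "ACK")),
    Packet("in", "198.51.100.7", 80, LAN_HOST, 5000, ("ACK",)),
    Packet("in", "198.51.100.7", 50000, LAN_HOST, 5000, ("SYN",)),
]

if __name__ == "__main__":
    print(compare(TRACE))
```

The third packet is the one where the two disagree: the flag-based rule passes it, while the stateful filter drops it because no inside host opened that flow.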


