Re: NAT vs Firewall
From: DougNews (dougnews@Doesn'tWork.net)
Date: 02/11/03
- Next message: Yannick Majoros: "Re: blocking Kazaa and other P2P"
- Previous message: Don/Gen: "Re: Outbound TCP connection to Twixter.net blocked"
- In reply to: Frank: "NAT vs Firewall"
- Next in thread: Calvin Crumrine: "Re: NAT vs Firewall"
- Reply: Calvin Crumrine: "Re: NAT vs Firewall"
From: "DougNews" <dougnews@Doesn'tWork.net> Date: Tue, 11 Feb 2003 13:46:00 GMT
When you say a 'small network', is it home or business related? The information
you have on it may be the difference in how you want to protect it. NAT should
be good enough for most home users; I would think you would want a firewall for
business - especially if you have servers or port forwarding needed on the
router. SPI will help in logging, email alerts and stopping hacker attempts.
Your NAT router might do this already as it may have other coding to see spoof,
land attacks, etc. So it also depends on the router you have. I think the
following link puts it well-
http://www.smallnetbuilder.com/Sections-article18-page1.php
Firewall Type
One of the first questions you may be faced with is whether to buy a "Stateful
Inspection" or "Stateful Packet Inspection" (SPI) based router. To answer this
question, you'll need to know a little more about how a router works its magic.
All consumer grade routers are based on Network Address Translation. This is the
technology that lets you have multiple computers on your LAN (which each have
their own IP address) communicate with the Internet through the single IP
address that your Internet Service Provider / Broadband Service Provider (ISP /
BSP) assigns to you. NAT also provides a basic firewall, since it only allows
data from the Internet through it if that data is the result of a request that
originated on a computer on your LAN. Since NAT requires that the router look at
(or inspect) part of each data packet that passes through it, why isn't that
considered SPI?
Turns out that the answer to this question is the subject of some amount of
debate in the industry, partially due to the term's misuse by some companies to
describe early NAT-based products. It's also difficult for the average purchaser
of a router to verify actual SPI operation. On a practical basis, however, it's
not so much a matter of NAT vs. SPI, but a question of the feature set you
desire. "SPI" based consumer routers can usually be differentiated from their
plain-vanilla cousins by the presence of features like emailed attack alerts and
reports, although exceptions can be found to this rule. In the end, SPI is being
mainly used as a way to charge more for a product that has rapidly moved down
the price curve to become a commodity.
Recommendation: If the only difference in features between the products that
you're considering is that one has SPI and the other doesn't, choose the SPI
product if you tend to use a lot of mapped ports, or you're hosting some sort of
server behind your router. Otherwise, plain ol' NAT should do just fine.
"Frank" <nospam@nowhere.com> wrote in message
news:b2ath5$mbi$1@knossos.btinternet.com...
> I have recently been informed that NAT provides adequate security protection
> from the internet for a small network. Is it really necessary to install a
> SOHO firewall? If I install a SOHO firewall, what benefits and security
> advantages does this have over an ADSL router utilising NAT?
>
> Thanks in advance,
> Frank.
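Added example, not part of the original post or the quoted article: a toy Python model of the behaviour the article describes, where NAT only passes inbound data that answers a request from the LAN, and of why mapped ports are the case where extra state checking matters. The class, its fields, the addresses and the simplified "SPI" check (a mapped port only forwards non-SYN packets from a peer that already sent a SYN) are assumptions made for illustration and go beyond what the article spells out.

```python
# Toy model of a NAT router (added illustration, not any vendor's firmware).
# Addresses are constructed from RFC 1918 / RFC 5737 documentation ranges.
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"  # assumed single ISP-assigned address

@dataclass
class NatRouter:
    spi: bool = False                               # simplified stateful check on mapped ports
    next_port: int = 40000
    table: dict = field(default_factory=dict)       # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
    forwards: dict = field(default_factory=dict)    # mapped ports: wan_port -> (lan_ip, lan_port)
    seen_syn: set = field(default_factory=set)      # peers that opened a connection to a mapped port

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a request: create a translation entry for the reply."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return WAN_IP, wan_port

    def inbound(self, remote_ip, remote_port, wan_port, flags="ACK"):
        """Decide what happens to a packet arriving on the WAN side."""
        entry = self.table.get(wan_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return ("FORWARD", entry[0], entry[1])  # reply to a LAN-originated request
        if wan_port in self.forwards:
            key = (remote_ip, remote_port, wan_port)
            if self.spi and flags == "SYN":
                self.seen_syn.add(key)              # new connection: remember it
            elif self.spi and key not in self.seen_syn:
                return ("DROP", "no connection state")
            return ("FORWARD", *self.forwards[wan_port])
        return ("DROP", "unsolicited")              # nobody on the LAN asked for this

def demo():
    """Run the same four inbound packets through plain NAT and NAT with the SPI check."""
    results = {}
    for spi in (False, True):
        r = NatRouter(spi=spi)
        r.forwards[80] = ("192.168.1.20", 8080)     # a hosted server behind the router
        _, port = r.outbound("192.168.1.5", 51000, "198.51.100.7", 443)
        results[spi] = [
            r.inbound("198.51.100.7", 443, port),         # reply to the LAN request
            r.inbound("198.51.100.99", 4444, port),       # other host, same WAN port
            r.inbound("198.51.100.99", 4444, 80, "ACK"),  # stray ACK to the mapped port
            r.inbound("198.51.100.99", 4444, 80, "SYN"),  # new connection to the mapped port
        ]
    return results
```

Without mapped ports the two configurations behave identically, which matches the article's recommendation that plain NAT is fine unless you map ports or host a server.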