Re: NAT vs Firewall
From: NeoSadist (neos@dist)
Date: 02/12/03
- Next message: NeoSadist: "Re: NAT vs Firewall"
- Previous message: Helmut Schneider: "Re: checkpoint firewall -1 sp3"
- In reply to: Calvin Crumrine: "Re: NAT vs Firewall"
- Next in thread: Calvin Crumrine: "Re: NAT vs Firewall"
- Reply: Calvin Crumrine: "Re: NAT vs Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "NeoSadist" <neos@dist> Date: Wed, 12 Feb 2003 02:01:06 -0700
"Calvin Crumrine" <nospam@example.net> wrote in message
news:3E497D9F.7000504@example.net...
> While the information stored on a network probably makes a difference in
> how you want to protect it I don't think classifying it as home or
> business is the correct approach. That's like saying that it makes a
> difference whether it's your home or your business that gets broken
> into. (I'm assuming that any business info you have on your home network
> is info about your business, not data that's actually owned by somebody
> else, i.e. the company you work for.)
But it makes a difference in the amount of time and the level of sensitivity
it is. I could run my network at home stricter than the government /
military / CIA, but why would I want to go to all that trouble?
>
> I suppose to some people business is more important than their personal
> life, but not to everyone.
And I guess some people are so paranoid that they freak out about
insignificance. You're like totally on the wrong logic train. The idea is
that home is not very sensitive while business is more sensitive. Point in
case: a typical internet user (aka middle class american, for example) has
only about $3000 total assets at max that could be compromised, whereas a
business could be inflicted with tens of thousands of dollars in lost
business, time to computer technicians, possibly even computer equipment,
not to include even their technologies. No offense, but a business is a
more lucrative target.
Beyond all this, the average home user doesn't care. The few that do don't
have the time to worry about the ultra-secure stuff. Even then, for a
computer security technician, that's their job, but at home I doubt they
want to do the same stuff. That's like bringing work home with you.
Bottom line, the two are different, whether you think so or not, and
regardless of if I have the time to adequately explain why they're
different.
>
> DougNews wrote:
> > When you say a 'small network', is it home or business related. The
information
> > you have on it may be the difference in how you want to protect it. NAT
should
> > be good enough for most home users; I would think you would want a
firewall for
> > business - especially if you have servers or port forwarding needed on
the
> > router. SPI will help in logging, email alerts and stopping hacker
attempts.
> > Your NAT router might do this already as it may have other coding to see
spoof,
> > land attacks, etc. So it also depends on the router you have. I think
the
> > following link puts it well-
> >
> > http://www.smallnetbuilder.com/Sections-article18-page1.php
> > Firewall Type
> > One of the first questions you may be faced with is whether to buy a
"Stateful
> > Inspection" or "Stateful Packet Inspection" (SPI) based router. To
answer this
> > question, you'll need to know a little more about how a router works its
magic.
> >
> > All consumer grade routers are based on Network Address Translation.
This is the
> > technology that lets you have multiple computers on your LAN (which each
have
> > their own IP address) communicate with the Internet through the single
IP
> > address that your Internet Service Provider / Broadband Service Provider
(ISP /
> > BSP) assigns to you. NAT also provides a basic firewall, since it only
allows
> > data from the Internet through it if that data is the result of a
request that
> > originated on a computer on your LAN. Since NAT requires that the router
look at
> > (or inspect) part of each data packet that passes through it, why isn't
that
> > considered SPI?
> >
> > Turns out that the answer to this question is the subject of some amount
of
> > debate in the industry, partially due to the term's misuse by some
companies to
> > describe early NAT-based products. It's also difficult for the average
purchaser
> > of a router to verify actual SPI operation. On a practical basis,
however, it's
> > not so much a matter of NAT vs. SPI, but a question of the feature set
you
> > desire. "SPI" based consumer routers can usually be differentiated from
their
> > plain-vanilla cousins by the presence of features like emailed attack
alerts and
> > reports, although exceptions can be found to this rule. In the end, SPI
is being
> > mainly used as a way to charge more for a product that has rapidly moved
down
> > the price curve to become a commodity.
> >
> > Recommendation: If the only difference in features between the products
that
> > you're considering is that one has SPI and the other doesn't, choose the
SPI
> > product if you tend to use a lot of mapped ports, or you're hosting some
sort of
> > server behind your router. Otherwise, plain ol' NAT should do just fine.
> >
> > "Frank" <nospam@nowhere.com> wrote in message
> > news:b2ath5$mbi$1@knossos.btinternet.com...
> >
> >>I have recently been informed that NAT provides adequate security
protection
> >>from the internet for a small network. Is it really necessary to
install a
> >>SOHO firewall? If I install a SOHO firewall, what benefits and security
> >>advantages does this have over an ADSL router utilising NAT?
> >>
> >>Thanks in advance,
> >> Frank.
> >>
> >>
> >>
> >
> >
> >
>
- Next message: NeoSadist: "Re: NAT vs Firewall"
- Previous message: Helmut Schneider: "Re: checkpoint firewall -1 sp3"
- In reply to: Calvin Crumrine: "Re: NAT vs Firewall"
- Next in thread: Calvin Crumrine: "Re: NAT vs Firewall"
- Reply: Calvin Crumrine: "Re: NAT vs Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
