Re: Is my router obsolete?



Dom <invalid@xxxxxxxxxxxxxxx> wrote:
> On Fri, 2007-02-16 at 18:50 -0600, John Smith wrote:
>> I have a 5 year old Linksys BFSR11 router with the latest firmware.
>> An IT guy at work says that I should replace it since the bad guys
>> have found ways to circumvent its defenses. I doubt it.
>> Even if I use a software firewall like ZA-Free or Comodo, am I
>> vulnerable?
>
> Being behind a device such as that, I take it that hosts on your LAN
> are privately addressed, which is the very best defense from internet
> threats. Long as you don't have any sort of port forwarding mechanism
> enabled, you should be fine.

That is, though not plain wrong, at least questionable. NAT (the
mechanism to enable connections between private and public networks) has
the purpose to *enable* connections between networks. A firewall OTOH is
supposed to *block* everything that isn't specifically authorized. Thus
a NAT-only device will usually fail-open, whereas a firewall is supposed
to fail-close, which is why you do want your router to have at least
some firewalling functionality.

Of course this point is sort of moot, because virtually all devices
(even low-cost routers) do implement firewall functionality, but I
wanted to make clear that you can't rely on just using private addresses
to guarantee the security of your LAN.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
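
The NAT-versus-firewall distinction made in the reply above, written out as a Linux nftables ruleset. This is an added example, not part of the original post and not the Linksys device's own configuration; the interface names wan0 and lan0 and the use of nftables are assumptions.

```nftables
# Constructed example. Assumed names: wan0 = internet side, lan0 = private LAN.

# --- NAT only: translates addresses, authorizes nothing ------------------
# With only this table loaded there is no chain on the forward or input
# hooks, so the kernel's implicit verdict for every packet is "accept".
# Private addressing is the sole barrier: the device fails open.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}

# --- Firewall: default deny, explicit allow -------------------------------
# Adding this table makes the same box fail closed: anything not matched
# by a rule below is dropped by the chain policy.
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        # Replies to connections that LAN hosts opened themselves.
        ct state established,related accept
        # New connections may only start from the LAN towards the internet.
        iifname "lan0" oifname "wan0" ct state new accept
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        iifname "lo" accept
        # The router's own services (DHCP, DNS, admin UI) answer the LAN only.
        iifname "lan0" accept
    }
}
```

A file like this can be syntax-checked without being applied using `nft -c -f <file>`; `nft list ruleset` on a running router shows whether a forward chain with `policy drop` is actually present.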