Re: I am protected?

From: Chuck (none_at_example.net)
Date: 12/05/04


Date: 4 Dec 2004 19:25:25 -0600

On 4 Dec 2004 03:58:55 GMT, roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote:

>In article <9i72r0tfb2cjeun36od6g2ud73pirla4kl@4ax.com>,
>Chuck <none@example.net> wrote:
>:>Of course, your ADSL modem may in fact already be doing NAT for you.
>
>:Correct. If you have a combined modem / NAT router, then you are protected from
>:hostile incoming network traffic.
>
>
>With NAT, you are *partly* protected, with the extent of the protection
>depending greatly on the degree to which the device is not just NAT'ing
>but also deliberately acting as a firewall.

Walter,

You are close. I would rephrase slightly:
With some NAT routers, you are *partly* protected, with the extent of the
protection depending greatly on the degree to which the device is not just
NAT'ing, but also providing firewall functionality.

NAT protects you similarly to a firewall, but NAT in itself is NOT a firewall.
Some NAT routers include additional features, but those additional features are
not NAT components.

Some NAT routers also include SPI (Stateful Packet Inspection), which is a
firewall component.

A firewall protects you by filtering and / or reporting traffic (generally
incoming and outgoing). NAT protects you (against incoming traffic only) by
hiding you (the computers on your LAN). NAT does not filter - it obediently
relays all outbound traffic, and all inbound traffic directed to a valid (open)
port, as requested.

If your NAT router, additionally, has filtering capabilities, you can set it to
block inbound and / or outbound traffic, but the filters are not components of
NAT itself.
http://www.firewall-software.com/firewall_faqs/what_is_a_firewall.html
http://support.microsoft.com/?id=321050
http://www.homenethelp.com/router-guide/features-firewall.asp

Considering that a typical NAT router protects you best against hostile inbound
traffic, a personal firewall on each computer is still advised for protection
against, and detection of, hostile outbound traffic.

My personal opinion about hostile outbound traffic is that, if the software
generating the traffic is allowed to run at all, you have lost half the battle.
I highly recommend protecting yourself against hostile software itself, by a
layered defense strategy.

If, properly protected by NAT, I had a choice between only one - either a
personal firewall, or a properly configured and protected system and application
suite, I would choose the latter in all cases.

-- 
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
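
The distinction drawn in the post above (NAT relays, SPI and filters are separate features), as an added example that is not part of the original message. It is a simplified model, not any real router's code; the class, field names and all addresses are constructed, and "NAT only" is assumed to relay any inbound packet that hits an existing mapping.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy NAT box. 'spi' and 'blocked_out' model add-on firewall features."""
    public_ip: str
    port_forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)
    spi: bool = False                                  # stateful inspection (not NAT)
    blocked_out: set = field(default_factory=set)      # outbound port filter (not NAT)
    mappings: dict = field(default_factory=dict)       # public port -> (lan endpoint, remote endpoint)
    next_port: int = 40000

    def outbound(self, lan, remote):
        """LAN host 'lan' connects to 'remote'. NAT alone never refuses."""
        if remote[1] in self.blocked_out:
            return None                                # dropped by the filter feature
        port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[port] = (lan, remote)
        return (self.public_ip, port)                  # source address seen by remote

    def inbound(self, remote, public_port):
        """Packet from 'remote' hits public_port. Returns LAN endpoint or None."""
        if public_port in self.port_forwards:
            return self.port_forwards[public_port]     # open port: relayed as requested
        entry = self.mappings.get(public_port)
        if entry is None:
            return None                                # no mapping: nowhere to deliver
        lan, expected_remote = entry
        if self.spi and remote != expected_remote:
            return None                                # SPI: not part of a known session
        return lan

def demo(**features):
    """Run the same constructed traffic through a router with the given features."""
    r = NatRouter("203.0.113.5", port_forwards={80: ("192.168.1.10", 8080)}, **features)
    pc, server, stranger = ("192.168.1.20", 51000), ("198.51.100.7", 443), ("192.0.2.66", 4444)
    public = r.outbound(pc, server)
    return {
        "unsolicited": r.inbound(stranger, 3389),
        "port_forward": r.inbound(stranger, 80),
        "reply": r.inbound(server, public[1]),
        "stranger_on_mapping": r.inbound(stranger, public[1]),
        "outbound_irc": r.outbound(pc, ("192.0.2.66", 6667)),
    }

if __name__ == "__main__":
    for name, kw in [("NAT only", {}), ("NAT + SPI", {"spi": True}),
                     ("NAT + outbound filter", {"blocked_out": {6667}})]:
        print(name, demo(**kw))
```

In every configuration the unsolicited packet to an unmapped port is undeliverable and the forwarded port is relayed; only the added features change what happens to the stranger's packet on an existing mapping and to the outbound connection.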

