Re: beginner question-routers

From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 02/23/05


Date: 23 Feb 2005 19:51:22 GMT

In article <Xns96069315DE1EAleavemealone@130.81.64.196>,
peon1000002 <work@big.box> wrote:
:from a website i was reading...

:"The solution is to separate your Internet traffic from your LAN (file
:sharing) traffic. To do this, a special networking device or software can
:be placed between your computers and the Internet. In addition, attempts
:by hackers to access your computers are stopped by a broadband router."

:my 1st question is does the router automatically "out of the box" separate
:the internet traffic from the LAN or do i need to configure it to do so?

You would, at a minimum, need to configure the inside and outside IP
address range for the router. After that, *most* routers will, by default,
pass all traffic through between the inside and the outside and
vice versa, not stopping it at all.

:the second sentence is referring to the firewall capability right?
:if i don't activate the router firewall hackers could access the computer
:even with a router (if i didn't have mcafee).

That second sentence is just plain wrong. Broadband routers do not
stop anyone from accessing anything. If you have a cable modem, then
traffic -content- between the ISP and you might travel encrypted
[but the IP layer would normally be unencrypted for cable], and in
that case the cable modem is supposed to prevent others from being able
to usefully sniff the content of your traffic.... but anyone on your
block would still be able to look at the IPs and figure out where
you are connecting to.

What the sentence -might- be referring to is that most consumer
broadband devices use NAT (Network Address Translation). There is
a common belief that if you have NAT then your network is safe.
It doesn't work that way, though: if you have NAT but do not have a
"stateful packet inspection" firewall then depending on the implementation
and configuration, it might range from providing no protection at all
to providing access only to systems you are already connected to
[keep in mind that if you are running filesharing software or Skype
that you are connecting to hundreds or thousands of machines that
you don't realize you are connecting to!]

NAT by itself is not a particularly strong security layer.
It can cut down the noise a fair bit, but still leaves you open
for anyone who takes a bit more time to target you.

If you want information on why some people think that NAT is a very
poor idea, then I suggest checking out postings by Melinda Shore.

-- 
   Warhol's Law: every Usenet user is entitled to his or her very own
   fifteen minutes of flame                  -- The Squoire
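
Added illustration, not part of the original post: a toy Python model of the range described above for NAT without stateful inspection, from "anyone who finds the mapped port gets in" to "only systems you have already contacted". The filtering names follow RFC 4787; the class, the function names and every address are assumptions made for this example.

```python
# Added illustration: toy model of NAT inbound filtering (terms from RFC 4787).
# Every address and port below is a constructed sample value.
from dataclasses import dataclass, field

@dataclass
class Nat:
    filtering: str                     # one of the three RFC 4787 filtering behaviours
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)   # public port -> inside (ip, port)
    contacted: dict = field(default_factory=dict)  # public port -> remotes sent to

    def outbound(self, src, dst):
        """Inside endpoint src sends to dst; create or reuse a mapping."""
        for port, inside in self.mappings.items():
            if inside == src:
                break
        else:
            port, self.next_port = self.next_port, self.next_port + 1
            self.mappings[port] = src
            self.contacted[port] = set()
        self.contacted[port].add(dst)
        return port

    def inbound(self, remote, public_port):
        """Return the inside endpoint the packet reaches, or None if dropped."""
        inside = self.mappings.get(public_port)
        if inside is None:
            return None                # no mapping exists for this port
        peers = self.contacted[public_port]
        if self.filtering == "endpoint-independent":
            return inside              # anyone who finds the port gets through
        if self.filtering == "address-dependent":
            return inside if remote[0] in {ip for ip, _ in peers} else None
        return inside if remote in peers else None   # address-and-port-dependent

def exposure(filtering):
    """Who can reach an inside host after it contacts one file-sharing peer?"""
    nat = Nat(filtering)
    port = nat.outbound(("192.168.1.10", 5000), ("198.51.100.7", 6881))
    probes = {
        "same peer, same port": ("198.51.100.7", 6881),
        "same peer, other port": ("198.51.100.7", 9999),
        "unrelated host": ("192.0.2.66", 4444),
    }
    return {name: nat.inbound(remote, port) is not None for name, remote in probes.items()}

if __name__ == "__main__":
    for f in ("endpoint-independent", "address-dependent", "address-and-port-dependent"):
        print(f, exposure(f))
```

Even the strictest setting still admits the contacted peer, which is why the number of peers a file-sharing client talks to matters.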

