Re: NAT Security

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 01/01/04


Date: Thu, 1 Jan 2004 08:09:53 -0500

Note that NAT does NOTHING to protect the ports on the Windows server doing
the NAT. That server is wide open and waiting to be hacked or infected.
What you are seeing in your port scans are the ports on the server itself.
And once someone hacks your server, they can access your internal network.
There's also zero capability for logging, so if you're hacked or your
network connection starts getting slow due to bandwidth use, you've got no
idea who hacked you.

NAT on a hardened device such as a firewall or NAT router is somewhat more
secure than NAT on a Windows 2000 router connected directly to the Internet.

There are free firewalls out there, including www.kerio.com, www.sygate.com,
and Linux firewalls [some of which may be easier to use than you think].

http://securityadmin.info/faq.asp#firewall

"Todd" <anonymous@discussions.microsoft.com> wrote in message
news:BEE8A9B3-7613-4B21-A17B-E26D71A4F8D1@microsoft.com...
> Thanks for that. I will be looking into Firewalls but it was just a
> question to see how secure it would be... Looking at the port scan again it
> looks to be very insecure. I have also ports 21, 389, 80, 110, 119, 135, 139,
> 143, 443, 548, 993, 995, 3389 open. I don't have anything enabled on the
> External Card but do host a web site, dns, pop, smtp, and terminals
> services. How easy would it be for someone to hack the system?
> I do realise that a Firewall is the ideal solution, but just about
> anything is hackable if they want!!
> Is there any way I can close some of the unwanted ports thru filters etc.
> in NAT?
> Thanks,
> Todd
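
An added example (not part of the original thread): a check of which listening sockets on the NAT server itself are reachable on the external card, run over a constructed `netstat -an` excerpt and compared with the services the poster says he hosts. The external address, the sample listing and the port-to-service mapping are assumptions.

```python
import re

EXTERNAL_IP = "203.0.113.10"  # assumption: documentation address for the external card
# Assumption: TCP ports for the services named in the question
# (web site, DNS, POP, SMTP, Terminal Services).
INTENDED = {25: "smtp", 53: "dns", 80: "http", 110: "pop3",
            443: "https", 3389: "terminal services"}

# Constructed sample in the Windows `netstat -an` output format.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.1:445        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:80        198.51.100.7:40112     ESTABLISHED
"""

LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def external_listeners(netstat_text, external_ip):
    """Return sorted TCP ports listening on the external address.

    A socket bound to 0.0.0.0 listens on every interface, so it is
    reachable on the external card whether or not NAT is enabled.
    """
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_LINE.match(line)
        if m and m.group(1) in ("0.0.0.0", external_ip):
            ports.add(int(m.group(2)))
    return sorted(ports)

def audit(netstat_text, external_ip, intended):
    """Split externally reachable ports into (intended, unintended)."""
    exposed = external_listeners(netstat_text, external_ip)
    keep = [p for p in exposed if p in intended]
    block = [p for p in exposed if p not in intended]
    return keep, block

if __name__ == "__main__":
    keep, block = audit(SAMPLE_NETSTAT, EXTERNAL_IP, INTENDED)
    print("intended and exposed:", keep)
    print("exposed but not intended (filter or stop the service):", block)
```

Ports that land in the second list are the candidates for input filters on the external interface or for stopping the service; listeners bound only to the internal address do not appear in either list.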


