Re: Is software firewall nessasery if hardware is available?
From: paul dallaire (paul.dallaire_at_sympatico.ca)
Date: 02/14/05
Date: Mon, 14 Feb 2005 16:09:25 -0500
Hi! Why would you call the D-Link a NAT box? Why would they list it as a
router? Can you explain? I don't understand.
I do understand now about isolating the two. What would you recommend as a good
router that is low price but good for my situation as a starter? I will in
the future get a good hardware firewall, but for now I would like decent
protection.
Another thing: if I do get another good router, can I still use the D-Link's
firewall between the LAN part as the other more advanced firewall filters
the IIS Servers connections and other Pub connections?
"Leythos" <void@nowhere.lan> wrote in message
news:pan.2005.02.14.19.20.41.420281@nowhere.lan...
> On Mon, 14 Feb 2005 12:11:17 -0500, paul dallaire wrote:
>
>> Hi! Thanks for the response. It tells in the docs how to set up a set FTP
>> software. If it does not support it then why have the docs on it?
>>
>> I am running Win XP Pro SP2, not server.
>
> I had a suspicion that you were running a workstation instead of a server.
> You're still in the same boat, you also risk your other computers should
> the public one become compromised.
>
> Your 604 router is just a simple NAT box with no real firewall installed
> and no means to have two network segments - we would call one segment the
> LAN and the other the DMZ - typically there is none or little connection
> between the DMZ and the LAN, and your non-public computers sit in the LAN
> segment. With this type of setup your computers in the DMZ can't reach the
> computers in the LAN should a DMZ computer become compromised.
>
> There are ways to build a cheap LAN/DMZ, but you need two routers:
>
>      INTERNET
>         |
>      ROUTER 1
>         |  < DMZ SEGMENT
>         |  < 192.168.0.0/24
>      ROUTER 2
>         |  < LAN SEGMENT
>         |  < 192.168.1.0/24
>
> In this setup your LAN computers are able to access the DMZ WEB/FTP
> computers, but, unless you make ports back into ROUTER 2, the DMZ
> computers can't reach the LAN segment. All computers can reach the
> Internet through the routers.
>
> Now, you do understand that your Workstation is limited to 10 sessions at
> a time - meaning that your web site is very limited in how many users can
> access it?
>
> You might also want to consider using something other than the built-in MS
> FTP service - Take a look at FileZilla, it's an OpenSource FTP Server
> that runs on the Windows Platform and is much easier and feature rich than
> the MS FTP service - and it doesn't require a Windows User Account - since
> you're not going to allow anonymous access to the FTP site (it would be
> bad to allow FTP Write access to the world).
>
> FileZilla server can be found here:
> http://filezilla.sourceforge.net/
>
> --
> spam999free@rrohio.com
> remove 999 in order to email me
>
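
The two-router layout described in the quoted reply, as an added example that is not part of the original posts: a small Python model of which new connections each segment can open. The host addresses, WAN addresses and forwarded ports are constructed sample values, and both routers are assumed to be plain NAT boxes that drop unsolicited traffic on their WAN side unless a port forward exists.

```python
# Added illustration, not code from the thread. Addresses other than the two
# subnets in the diagram (hosts, WAN IPs, ports) are constructed sample values.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class NatRouter:
    wan_ip: str                                   # address on the outer segment
    inside: str                                   # subnet behind this router
    forwards: dict = field(default_factory=dict)  # WAN port -> (inside IP, port)

def depth(routers, ip):
    """0 = Internet, 1 = DMZ segment, 2 = LAN segment (routers listed outermost first)."""
    addr = ip_address(ip)
    return max((i + 1 for i, r in enumerate(routers)
                if addr in ip_network(r.inside)), default=0)

def reach(routers, src, dst, port):
    """Return the host that receives a NEW connection from src, or None if dropped."""
    # A private address deeper than the sender is not addressable through NAT.
    if depth(routers, dst) > depth(routers, src):
        return None
    by_wan = {r.wan_ip: r for r in routers}
    for _ in routers:                             # follow port forwards inward
        router = by_wan.get(dst)
        if router is None:
            return dst                            # ordinary host: delivered
        if port not in router.forwards:
            return None                           # unsolicited WAN traffic is dropped
        dst, port = router.forwards[port]
    return None if dst in by_wan else dst

def build(open_port_into_lan=False):
    router1 = NatRouter("203.0.113.5", "192.168.0.0/24", {80: ("192.168.0.20", 80)})
    router2 = NatRouter("192.168.0.2", "192.168.1.0/24")
    if open_port_into_lan:                        # "ports back into ROUTER 2"
        router2.forwards[3389] = ("192.168.1.10", 3389)
    return [router1, router2]

if __name__ == "__main__":
    WEB, PC, OUTSIDE = "192.168.0.20", "192.168.1.10", "198.51.100.7"
    for label, routers in (("closed", build()), ("forward on ROUTER 2", build(True))):
        print(label)
        print("  LAN -> DMZ web      :", reach(routers, PC, WEB, 80))
        print("  DMZ -> LAN direct   :", reach(routers, WEB, PC, 3389))
        print("  DMZ -> ROUTER 2 WAN :", reach(routers, WEB, "192.168.0.2", 3389))
        print("  Internet -> web     :", reach(routers, OUTSIDE, "203.0.113.5", 80))
        print("  LAN -> Internet     :", reach(routers, PC, OUTSIDE, 443))
```

With no forward on ROUTER 2 the DMZ host has no path into 192.168.1.0/24; a single forward on ROUTER 2 is enough to give a compromised DMZ machine a path to that LAN host.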