Re: Firewall and Router

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: francis gerard (spam_at_spamcop.net)
Date: 07/23/04 

Date: Fri, 23 Jul 2004 14:28:28 -0400

"Miha Pihler" <miha-news@atlantis.si> wrote in message
news:ePhTb5LcEHA.384@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> DSL routers are very popular these days. They also come with built-in
> firewall that can protect your network quite well.
>
> Routers can perform NAT and people often take NAT as a security feature.
> NAT
> and router does not replace a firewall and NAT should not be treated as
> security feature.

NAT, in fact, is recognized as an excellent security feature, it isolates
your internal network by using IPs from the private address range which are
NOT routable on the WAN-side (internet) of the router, and vice versa,
internet addresses are not routable on the LAN-side of the router. NAT
effectively hides the IPs of hosts on the LAN from would-be attackers on the
internet. NAT is commonly used to securely connect corporate networks to
the internet.

however, NAT cannot protect your computer(s) from solicited types of
intrusion (see below), but a NAT Router is an excellent adjunct to securing
your network.

> With broadband internet access firewalls will be more and more important
> even for home users.
>
> Why did you pass the security check I don't know, but there could be few
> reasons:
> * bad test? (you didn't wrote what test you run)
> * maybe you have personal firewall enabled on your Windows XP
> * maybe ADSL Broadband Router that you use have built in firewall...

the xDSL Router's NAT doesn't forward unsolicited inbound packets, ie, there
were no outbound connections in the NAT's port mapping table matching the
incoming traffic from the test site, thus the router drops the packets and
the site reports that his system passed the test... which is true. the
router's NAT will block unsolicited inbound traffic, but a firewall is
required to protect against unsolicited/undesired outbound traffic. 

--
francis

Relevant Pages

  • Re: Host Computer with ICS cannot be accessed
    ... You read my mind on the router thing. ... My home network is a piece of cake... ... >>firewall settings, not that I've found so far, but I'll keep looking. ... and we couldn't get file sharing working until ...
    (microsoft.public.windowsxp.network_web)
  • Re: share my printer between 2 computers and surf with 2 computers at same time
    ... The main choice you have to make is whether to have the router include wireless capability or not. ... Because wireless routers for home use are relatively inexpensive these days, I'd suggest buying a wireless router even if you don't initially intend to use that capability. ... If you already have a UTP cable going between upstairs and downstairs, you can use that to have a wired network. ... caused by 1) a misconfigured firewall; ...
    (microsoft.public.windowsxp.network_web)
  • Re: share my printer between 2 computers and surf with 2 computers at same time
    ... The main piece of hardware you need to buy is a router. ... Because wireless routers for home use are ... you can use that to have a wired network. ... caused by 1) a misconfigured firewall; ...
    (microsoft.public.windowsxp.network_web)
  • RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause
    ... the>outside world which are in response to packets originating from ... to drop in a little Trojan, your whole network can be compromised. ... NAT router works at Layer 3. ... You still need a personal firewall or ...
    (Full-Disclosure)
  • Re: New modem and iptables...
    ... The router performs firewall and NAT functions ... If you want to persuade me it's a modem, ... it's a router and _it_ has your public Internet address. ... It also does NAT (otherwise you couldn't have a private IP address on ...
    (Fedora)