Re: is NAT really enough?
- From: "Kevin Weilbacher [SBS-MVP]" <kweilbacMVP@xxxxxxx>
- Date: Sun, 22 Oct 2006 09:36:31 -0400
To the degree that it introduces a barrier, you might call it a primitive
firewall. But the issue is not what constitutes a firewall, but what is
required to secure your network? And to secure your network means you need
tools to monitor your network. Finding out "after the fact" that someone
broke in via some unmonitored port doesn't make your server very secure,
does it?
Most will agree (or argue) that even the most expensive firewall does not
guarantee a secured network. Also, for every 10 documented security
breakdowns, 3 are from the outside, but 7 are from the inside! That means
that whatever effort you put in to make sure your network is not hacked from
the outside, you better be doubling your effort for setting
internal controls, such as: proper employee training and policies, reviewing
internal security logs, enforcing strong passwords, locking down
permissions, ensuring that all systems (not just PC's) are properly updated
with security patches ... and most importantly ... that you can document all
of this!!!
--
Kevin Weilbacher [SBS-MVP]
"The days pass by so quickly now, the nights are seldom long"
"sandgroper" <sandgroper@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:352F3D3A-841F-4A46-854A-0A689586461B@xxxxxxxxxxxxxxxx
<<<<NAT is not a firewall technology, it's not even a method of
firewalling,
it's a routing method.>>>>
NAT hides the network from the internet and it has port configuration so
isn't that a firewall?
"Leythos" wrote:
In article <81D592A0-5120-4AE7-8A14-DF9B7B6A9311@xxxxxxxxxxxxx>,
sandgroper@xxxxxxxxxxxxxxxxxxxxxxxxx says...
with just one nic on this sbs box and therefore a dlink 604T router
providing
nat firewall, am I justified in feeling as nervous as I do?
And what are popular sbs choices for external firewalls, with spam,
phishing,
virus, firewalls in one box?
NAT is not a firewall technology, it's not even a method of firewalling,
it's a routing method.
Now, is NAT enough - well, let's just say that I know people on XP/2000
machines, home users, that have run their computers for years sitting
behind a NAT (BEFSR41) Router and never been compromised because of a
NAT failing.
Now, a firewall can do a LOT of things, like strip attachments out of a
SMTP session, remove content from HTTP sessions, block outbound traffic,
block entire subnets, can also be set to block an IP based on an attempt
to connect to a port (as I have all IP blocked that attempt to connect
via 445 or 1433/1434 on the external network).
Spam/Phishing/Virus - I use GFI Mail Security and Essentials on all our
servers and clients servers now (Used to use Symantec Mail Security for
Exchange, but it wasn't as good at stopping spam/phi and only had one AV
engine).
I don't know of a single solution that can do all that you want, you
need to pick the best of each world.
--
spam999free@xxxxxxxxxx
remove 999 in order to email me