Linksys Firewall/router
Glenn Crocker
glenn at netmud.com
Tue Nov 6 23:16:09 CST 2001
NAT doesn't add the kind of security a firewall does. Yeah, it's nice, but
it's like using the "rhythm method" of birth control. Maybe it'll work,
probably it won't.
Here's a nice article about why NAT isn't a real security solution:
http://www.sans.org/infosecFAQ/firewall/net_add2.htm
-glenn
Glenn Crocker
Netmud http://www.netmud.com
913-451-7785, glenn at netmud.com
> -----Original Message-----
> From: Jonathan Hutchins [mailto:hutchins at opus1.com]
> Sent: Tuesday, November 06, 2001 4:41 PM
> To: bill at billclark.net; 'KCLUG List'
> Subject: Re: Linksys Firewall/router
>
>
> ----- Original Message -----
> From: "Bill Clark" <bill at billclark.net>
>
> > As for the genius that said you don't need to block ports if
> your running
> > NAT...
>
> That would be me. I'd love to try your proposed experiment, but
> as you say
> there's no such thing as "perfectly secure" and I don't really
> have time to
> fix it today if you out-clever me. Some day when I've got time
> to mess with
> it, and preferably monitor the process from my end too, maybe we
> can give it
> a try.
>
> I presume we're talking about blocking the ports using the firewall rules
> here - my systems are usually secured as if they were exposed anyway, and
> don't have promiscuously open ports that could be reached even if
> you could
> get to them through the firewall. That's really more what I'm thinking of
> when I say you don't have to block.
More information about the Kclug
mailing list