WhItE RaBBiT wrote:
NAT router is not a true firewall. the firewalling is a side-effect of
the NAT (doesn't know where to route incoming packets without a ruleset
i.e. NAPT). consumer-grade SPI firewalls may not help much over a NAT
router though, it just depends. i mean a Linksys is not a Checkpoint,
no matter what they may claim.
one thing that most consumer-grade (i.e. Linksys, et al.) can't do is
block malicious outbound traffic. most modern trojans use reverse
connect or lanfiltration techniques. in their simplest form, this can
be done with the free netcat on unix. thus a personal firewall plus
hardware firewall is ideal, whether on dialup or DSL. it's not true
that dialup is not targeted, it's just that the target machines are far
less valuable. for a quick bounce, a hacker could still utilize a
dialup connection (esp if it has high uptime).
Smoothwall, IPCop, and friends. even a distro like SuSE would work
fairly easily. my 8.1 install discs offered NAT routing and firewalling
with a point-and-click GUI config.
open-source has a lot of eyes on the code.
michael
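
An added illustration, not part of the original post: a toy NAPT translation table showing the two points made above, that unsolicited inbound packets are dropped only because no mapping exists, and that a connection opened from the LAN side passes unless an outbound policy is added. The class, its field names, the port allow-list and the documentation-range addresses are all assumptions made for this sketch, not any vendor's behaviour.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NaptRouter:
    """Toy NAPT device: a translation table plus an optional outbound policy."""
    public_ip: str
    # None models a router with no outbound filtering (assumed consumer default).
    egress_allow_ports: Optional[set] = None
    # public port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection. Returns the public port, or None if blocked."""
        if self.egress_allow_ports is not None and remote_port not in self.egress_allow_ports:
            return None  # outbound policy refuses the destination port
        pub = self.next_port
        self.next_port += 1
        self.table[pub] = (lan_ip, lan_port, remote_ip, remote_port)
        return pub

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the WAN. Returns the LAN destination, or None if dropped."""
        entry = self.table.get(public_port)
        if entry is None:
            return None  # no mapping: the router does not know where to route it
        lan_ip, lan_port, r_ip, r_port = entry
        if (r_ip, r_port) != (remote_ip, remote_port):
            return None  # mapping belongs to a different remote endpoint (assumed strict matching)
        return (lan_ip, lan_port)

def demo():
    """Run constructed traffic through a plain NAPT router and a filtered one."""
    results = {}
    plain = NaptRouter("203.0.113.1")
    # Unsolicited inbound packet: dropped as a side effect of the empty table.
    results["unsolicited_in"] = plain.inbound("198.51.100.7", 4444, 40000)
    # Connection opened from inside the LAN: the router creates the mapping itself.
    pub = plain.outbound("192.168.1.10", 51000, "198.51.100.7", 4444)
    results["lan_initiated_out"] = pub
    # The remote end's reply now matches a mapping and is forwarded inward.
    results["reply_in"] = plain.inbound("198.51.100.7", 4444, pub)
    # Same outbound attempt through a router with an outbound port allow-list.
    filtered = NaptRouter("203.0.113.1", egress_allow_ports={53, 80, 443})
    results["filtered_out"] = filtered.outbound("192.168.1.10", 51000, "198.51.100.7", 4444)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```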