Hello:
One question that I've had for some time is why isn't a NAT only
solution sufficient security? I'm running a NAT with no filters on outbound
or inbound connections but using a private IP address (10.x.x.x) on the
inside. Source routing is turned off so how would a hacker exploit my NAT?
Any responses greatly appreciated.
Thanks
Don
-----Original Message-----
From: Lance Ecklesdafer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 12, 2000 2:05 PM
To: David Shackelford
Cc: [EMAIL PROTECTED]
Subject: Re: LinkSys 4-Port Router
I have downloaded the information from Linksys. Thanks for the response. I
realize that this is not a high-end device by any means and that I would
need to spend a great deal more money to obtain a level of protection
available in that price range. I normally do setup filters to prevent
traceroute and UDP and TCP scans and I agree it is how you administer the
device. The device has to have the capability in order to administer it
though. I get outbound web access now using Wingate on my Windows NT box.
For anything mission critical, I would host on a server provided by a web
hosting service with high bandwidth, redundancy and managed services that I
would not have to worry about configuring. A DSL service is not a place to
host any service where these characteristics are required. I think for my
home network this device would be good as long as I supplemented it with a
good software based firewall as you suggest.
Thanks again,
Lance
----- Original Message -----
From: "David Shackelford" <[EMAIL PROTECTED]>
To: "'Lance Ecklesdafer'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, September 12, 2000 1:32 PM
Subject: RE: LinkSys 4-Port Router
> Download the documentation at Linksys. It's congfigured via a
web-interface,
> and is a NAT-supporting packet filter with some (I believe) basic VPN
> support. It also supports PPPOE, which is used by many broadband service
> providers lately. Remember though, you are looking at a device for under
> $200; you can't expect all the features of a $10000 system. As far as your
> traceroute and other questions? Well, it blocks both incoming and outgoing
> as specified by the bloke administering it. Do _you_ set up filters to
> prevent scans and traceroute mappings? This device is good basic security
> for a site that primarily needs outbound web access. It would be silly to
> host something mission critical behind this device without further
> precautions. It would be great, however, for my own private projects, and
> for many SOHO's.
>
> Dave Shackelford
>
> > -----Original Message-----
> > From: Lance Ecklesdafer [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 12, 2000 10:05 AM
> > To: [EMAIL PROTECTED]
> > Subject: LinkSys 4-Port Router
> >
> >
> > Hello all,
> >
> > I have been reading about this Linksys product that provides limited
> > firewall functionality and routing for a four-node private
> > network. I am not
> > sure if this product can offer good security for a casual
> > home network. I
> > have not seen a detailed specifications list or documentation for this
> > product. The only thing I know about this product is that it
> > uses NAT which
> > does not make it a firewall. What kind of interface is there
> > for configuring
> > this device? Does this device support VPN connections through
> > a Checkpoint
> > or other IPSEC firewall? I am thinking that you would also
> > need to load
> > software based protection on the internal workstations to
> > provide for a
> > better level of security. How is this product at resisting
> > SYN floods, UDP
> > and TCP scans and traceroute mapping of the internal private
> > network? Does
> > anyone have any feedback here?
> >
> > TIA,
> >
> > Lance
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
