Byron,
When I started this thread one of my original questions concerned this
device's ability to handle VPN connections to Checkpoint. I have heard that
it does support IPSEC and others have used it with Contivity (Nortel). I am
thinking that if I do obtain this device I will need it to support
SecuRemote and work in conjunction with my Wingate or Lockdown 2000 software
to provide the additional security needed on the internal network in my
home. I am also joining Byron in asking for feedback from anyone using this
with SecuRemote through a Checkpoint firewall.
Also, maybe we start a separate thread about VPNs and @Home . I have
received a communication from the EDSVPN team regarding Comcast acceptable
use policy of the Garden State@Home, Comcast@Home and Suburban@Home
subscribers. Apparently they have decided to ban the use of VPNs on these
networks from their subscribers. I have read their announcement which can be
viewed at http://www.comcastonline.com/subscriber-agreement.asp detailing
this decision.
Lance
----- Original Message -----
From: "Byron Kennedy" <[EMAIL PROTECTED]>
To: "'Don Tuer'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, September 12, 2000 9:17 PM
Subject: RE: LinkSys 4-Port Router
> I'll let others address the supplemental security needed with NAT vs.
packet
> filters, etc.
>
> But, as an aside, I'm interested to know if you or anyone has been able to
> get the linksys w/ NAT to work with a VPN connecting to a netscreen (with
> the Netscreen remote software on a NAT addressed host), raptor, or
> Checkpoint. I think there was alot on this topic recently - i tried to
> catch-up and hope i didn't miss the answer already. I'm about to buy one
> (linksys) for my home network, but need to connect back to corp via a
> netscreen VPN, and potentially checkpoint or raptor in the near future.
>
> Thx.Byron
>
>
> -----Original Message-----
> From: Don Tuer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 12, 2000 12:36 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: LinkSys 4-Port Router
>
>
> Hello:
>
> One question that I've had for some time is why isn't a NAT only
> solution sufficient security? I'm running a NAT with no filters on
outbound
> or inbound connections but using a private IP address (10.x.x.x) on the
> inside. Source routing is turned off so how would a hacker exploit my NAT?
>
> Any responses greatly appreciated.
>
> Thanks
>
> Don
>
> -----Original Message-----
> From: Lance Ecklesdafer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 12, 2000 2:05 PM
> To: David Shackelford
> Cc: [EMAIL PROTECTED]
> Subject: Re: LinkSys 4-Port Router
>
>
> I have downloaded the information from Linksys. Thanks for the response. I
> realize that this is not a high-end device by any means and that I would
> need to spend a great deal more money to obtain a level of protection
> available in that price range. I normally do setup filters to prevent
> traceroute and UDP and TCP scans and I agree it is how you administer the
> device. The device has to have the capability in order to administer it
> though. I get outbound web access now using Wingate on my Windows NT box.
> For anything mission critical, I would host on a server provided by a web
> hosting service with high bandwidth, redundancy and managed services that
I
> would not have to worry about configuring. A DSL service is not a place
to
> host any service where these characteristics are required. I think for my
> home network this device would be good as long as I supplemented it with a
> good software based firewall as you suggest.
>
> Thanks again,
>
> Lance
> ----- Original Message -----
> From: "David Shackelford" <[EMAIL PROTECTED]>
> To: "'Lance Ecklesdafer'" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Tuesday, September 12, 2000 1:32 PM
> Subject: RE: LinkSys 4-Port Router
>
>
> > Download the documentation at Linksys. It's congfigured via a
> web-interface,
> > and is a NAT-supporting packet filter with some (I believe) basic VPN
> > support. It also supports PPPOE, which is used by many broadband service
> > providers lately. Remember though, you are looking at a device for under
> > $200; you can't expect all the features of a $10000 system. As far as
your
> > traceroute and other questions? Well, it blocks both incoming and
outgoing
> > as specified by the bloke administering it. Do _you_ set up filters to
> > prevent scans and traceroute mappings? This device is good basic
security
> > for a site that primarily needs outbound web access. It would be silly
to
> > host something mission critical behind this device without further
> > precautions. It would be great, however, for my own private projects,
and
> > for many SOHO's.
> >
> > Dave Shackelford
> >
> > > -----Original Message-----
> > > From: Lance Ecklesdafer [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, September 12, 2000 10:05 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: LinkSys 4-Port Router
> > >
> > >
> > > Hello all,
> > >
> > > I have been reading about this Linksys product that provides limited
> > > firewall functionality and routing for a four-node private
> > > network. I am not
> > > sure if this product can offer good security for a casual
> > > home network. I
> > > have not seen a detailed specifications list or documentation for this
> > > product. The only thing I know about this product is that it
> > > uses NAT which
> > > does not make it a firewall. What kind of interface is there
> > > for configuring
> > > this device? Does this device support VPN connections through
> > > a Checkpoint
> > > or other IPSEC firewall? I am thinking that you would also
> > > need to load
> > > software based protection on the internal workstations to
> > > provide for a
> > > better level of security. How is this product at resisting
> > > SYN floods, UDP
> > > and TCP scans and traceroute mapping of the internal private
> > > network? Does
> > > anyone have any feedback here?
> > >
> > > TIA,
> > >
> > > Lance
> > >
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
