cool, I've got IKE running now w/ netscreen remote. I'll test with the
linksys and for use w/ checkpoint and raptor as well. I'm looking further
in phoneboy now...
Lance, so linksys(s) calling the router a firewall is somewhat misleading.
NAT serves as a layer of protection, but is far from a complete solution,
i.e. no stateful inspection of packets, port analysis, etc. To supplement,
I'm currently using host level security with a little freeware tool called
Secure desktop 2.1. at home.
Here is info on host based firewalls: http://grc.com/su-firewalls.htm
Wingate may help you out here. I've never used it - sounds like a proxy of
sort.
cheers.byron
-----Original Message-----
From: Matt Richoux [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 13, 2000 7:10 AM
To: 'Byron Kennedy'
Cc: '[EMAIL PROTECTED]'
Subject: RE: LinkSys 4-Port Router
Yes, I have gotten it to work with securemote. There is a good article on
phoneboy on how to do it. You have to use IKE.
-----Original Message-----
From: Byron Kennedy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 12, 2000 8:18 PM
To: 'Don Tuer'; '[EMAIL PROTECTED]'
Subject: RE: LinkSys 4-Port Router
I'll let others address the supplemental security needed with NAT vs. packet
filters, etc.
But, as an aside, I'm interested to know if you or anyone has been able to
get the linksys w/ NAT to work with a VPN connecting to a netscreen (with
the Netscreen remote software on a NAT addressed host), raptor, or
Checkpoint. I think there was alot on this topic recently - i tried to
catch-up and hope i didn't miss the answer already. I'm about to buy one
(linksys) for my home network, but need to connect back to corp via a
netscreen VPN, and potentially checkpoint or raptor in the near future.
Thx.Byron
-----Original Message-----
From: Don Tuer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 12, 2000 12:36 PM
To: '[EMAIL PROTECTED]'
Subject: RE: LinkSys 4-Port Router
Hello:
One question that I've had for some time is why isn't a NAT only
solution sufficient security? I'm running a NAT with no filters on outbound
or inbound connections but using a private IP address (10.x.x.x) on the
inside. Source routing is turned off so how would a hacker exploit my NAT?
Any responses greatly appreciated.
Thanks
Don
-----Original Message-----
From: Lance Ecklesdafer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 12, 2000 2:05 PM
To: David Shackelford
Cc: [EMAIL PROTECTED]
Subject: Re: LinkSys 4-Port Router
I have downloaded the information from Linksys. Thanks for the response. I
realize that this is not a high-end device by any means and that I would
need to spend a great deal more money to obtain a level of protection
available in that price range. I normally do setup filters to prevent
traceroute and UDP and TCP scans and I agree it is how you administer the
device. The device has to have the capability in order to administer it
though. I get outbound web access now using Wingate on my Windows NT box.
For anything mission critical, I would host on a server provided by a web
hosting service with high bandwidth, redundancy and managed services that I
would not have to worry about configuring. A DSL service is not a place to
host any service where these characteristics are required. I think for my
home network this device would be good as long as I supplemented it with a
good software based firewall as you suggest.
Thanks again,
Lance
----- Original Message -----
From: "David Shackelford" <[EMAIL PROTECTED]>
To: "'Lance Ecklesdafer'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, September 12, 2000 1:32 PM
Subject: RE: LinkSys 4-Port Router
> Download the documentation at Linksys. It's congfigured via a
web-interface,
> and is a NAT-supporting packet filter with some (I believe) basic VPN
> support. It also supports PPPOE, which is used by many broadband service
> providers lately. Remember though, you are looking at a device for under
> $200; you can't expect all the features of a $10000 system. As far as your
> traceroute and other questions? Well, it blocks both incoming and outgoing
> as specified by the bloke administering it. Do _you_ set up filters to
> prevent scans and traceroute mappings? This device is good basic security
> for a site that primarily needs outbound web access. It would be silly to
> host something mission critical behind this device without further
> precautions. It would be great, however, for my own private projects, and
> for many SOHO's.
>
> Dave Shackelford
>
> > -----Original Message-----
> > From: Lance Ecklesdafer [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, September 12, 2000 10:05 AM
> > To: [EMAIL PROTECTED]
> > Subject: LinkSys 4-Port Router
> >
> >
> > Hello all,
> >
> > I have been reading about this Linksys product that provides limited
> > firewall functionality and routing for a four-node private
> > network. I am not
> > sure if this product can offer good security for a casual
> > home network. I
> > have not seen a detailed specifications list or documentation for this
> > product. The only thing I know about this product is that it
> > uses NAT which
> > does not make it a firewall. What kind of interface is there
> > for configuring
> > this device? Does this device support VPN connections through
> > a Checkpoint
> > or other IPSEC firewall? I am thinking that you would also
> > need to load
> > software based protection on the internal workstations to
> > provide for a
> > better level of security. How is this product at resisting
> > SYN floods, UDP
> > and TCP scans and traceroute mapping of the internal private
> > network? Does
> > anyone have any feedback here?
> >
> > TIA,
> >
> > Lance
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
