> > One question I have that came out of this discussion is why are systems
> > behind routers safer? What kind of security does a router provide?
>
> A router by itself does not provide any inherent security. However:
>
> A standard router, such as a cisco 2501, can do port blocking, which can add
> some security.
>
> The devices which are marketed as "cable modem routers" often have Network
> Address Translation (NAT), which *does* add some security. It makes it
> harder for the bad guys to hit your computer, as most of the 'routers' are
> set only to allow inbound packets that are replies to your outbound
> requests. (IPtables does this as well, but most of these 'routers' do it
> out of the box).
>
> Ben

Your best bet for a home setup is a true firewall/router, and the ones for home (Netgear, Linksys, D-Link, for example) are actually Linux boxes from what I understand.

Standard routers, besides offering port blocking to keep out "well known port" based attacks, usually offer access control lists, which enhance standard port blocks by allowing you to specify, for all or any specific ports:

    allowed IP addresses (host or network or CIDR)
    denied IP addresses (great for nailing known spammers from RBLs and
    stopping them from annoying your mail servers and firewalls)

Higher end routers (Cisco 2600 and up) also offer enhanced firewall capabilities and tie-ins with security servers.

A commercial enterprise trying to protect its internal assets would use a combination of devices, each providing a level of defense. (Depends on its access needs and Internet requirements.)

Level 1 - Border Router (with or without basic firewall)
    Provides access control lists for specific port and/or IP address blocking or acceptance.
    Provides first tier security through optional connection to security server (dynamic access control lists, lock and key access controls (SecurID type systems)).
    Keeps the port scanners and known creeps from penetrating into the next level.

Level 2 - True firewall, with/without content filtering and other security (IDS) servers
    Provides backup and further tuned access control lists.
    Provides intelligent access controls and attack detection.
    Can tie to IDS servers, etc. for increased intelligence.

Level 3 - Security servers
    Ties in with border routers and firewalls.
    Can tie in with other servers.
    Should have own local firewall enabled, restricting all access to just encrypted port connections from known local hosts - firewalls and border routers.
    Provides increased intelligence for detecting attack profiles and intrusion detection and response.

Level 4 - Servers and desktops
    Personal level firewalls restricting access as appropriate.
    Antivirus, antispam, anti-spyware programs actively running on both client and server.
    Different manufacturers for each package - example - Norton antivirus on the desktop, and McAfee antivirus running on the email server.
    More than one anti-spyware package running as well.
    Servers restricted and tuned to a specific task - DNS server, email server, POP/IMAP server, database server, email hub and scanning (antivirus/antispam).

Level 4.1 - Web servers
    Web servers should also be placed between two separate firewalls in a true DMZ and preferably on a different Internet link. The outside firewall controls global access to your web farm; the inside firewall restricts access to just the specific ports and IP addresses of your web farm. All servers in the web farm should also have local firewalls and IDS software.

This is sort of "the Embassy Defense System" - put as many obstacles of increasing difficulty between you and your attackers to give you time to detect and curtail them before they can do significant damage to your infrastructure.
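
Added example, not part of the original message: a small Python model of the inbound filtering that the quoted reply and this message describe, admitting replies to outbound requests and otherwise applying an ordered access control list of permitted and denied source addresses per port. The class, the rule layout, the first-match ordering and all addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample ACL (RFC 5737 documentation addresses). First match wins.
# Fields: action, source network in CIDR form, destination port (None = any port).
SAMPLE_ACL = [
    ("deny", "203.0.113.0/24", None),     # blocklisted network, all ports
    ("permit", "198.51.100.7/32", 22),    # single admin host may reach SSH
    ("permit", "0.0.0.0/0", 25),          # any source may reach the mail server
]


class BorderFilter:
    """Toy inbound filter: reply tracking first, then the ordered ACL, then deny."""

    def __init__(self, acl):
        self.acl = [(action, ipaddress.ip_network(net), port)
                    for action, net, port in acl]
        self.flows = set()  # outbound flows seen: (remote_ip, remote_port, local_port)

    def note_outbound(self, local_port, remote_ip, remote_port):
        """Record an outbound request so its reply can be recognised later."""
        self.flows.add((ipaddress.ip_address(remote_ip), remote_port, local_port))

    def check_inbound(self, src_ip, src_port, dst_port):
        """Return (verdict, reason) for one inbound packet."""
        src = ipaddress.ip_address(src_ip)
        if (src, src_port, dst_port) in self.flows:
            return ("permit", "reply to outbound request")
        for index, (action, net, port) in enumerate(self.acl):
            if src in net and port in (None, dst_port):
                return (action, f"acl rule {index}")
        return ("deny", "implicit deny")  # nothing matched: drop by default


def demo():
    fw = BorderFilter(SAMPLE_ACL)
    fw.note_outbound(40000, "192.0.2.10", 443)      # inside host opens HTTPS
    return [
        fw.check_inbound("192.0.2.10", 443, 40000),   # matching reply
        fw.check_inbound("192.0.2.10", 443, 40001),   # unsolicited, no rule
        fw.check_inbound("203.0.113.5", 1025, 25),    # blocklisted, even for SMTP
        fw.check_inbound("198.51.100.7", 1025, 22),   # admin host to SSH
        fw.check_inbound("198.51.100.8", 1025, 22),   # other host to SSH
        fw.check_inbound("192.0.2.99", 1025, 25),     # mail from anyone else
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Placing the deny entry ahead of the broad mail permit is what keeps the blocklisted network off port 25; with the order reversed, the first-match rule would let it through.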