PROTECTED]]
Sent: Wednesday, January 09, 2002 8:33 PM
To: Bourque Daniel; [EMAIL PROTECTED]
Subject: Re: NAT, Internet access and security
Bourque Daniel wrote:
Normally, you want your FW to be as invisible as possible (black hole) so
you just drop all incoming packet that are not specifically allowed
.
-Tom
-Original Message-
From: Kartik Trivedi [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 08, 2002 5:05 AM
To: irado furioso com tudo
Cc: [EMAIL PROTECTED]
Subject: Re: NAT, Internet access and security
hey guys,
Any idea how can i run an FTP server behind a NAT.
I share DSL
d'origine-
De: irado furioso com tudo [mailto:[EMAIL PROTECTED]]
Date: 8 janvier, 2002 04:31
Cc: [EMAIL PROTECTED]
Objet: Re: NAT, Internet access and security
I had heard that it is better to have a 'reject' rule instead of a
'deny' one, as reject will give back an immediate reply
, Internet access and security
I had heard that it is better to have a 'reject' rule instead of a
'deny' one, as reject will give back an immediate reply to the
interrogator, while just rejecting the query can give you a multitude of
'retry', which can eat you bandwidth with lots and lots
In-Reply-To: 002501c19799$c960$fdfea8c0@ISDesktop
Nothing is completely fool prof or completely
invulnerable and there are quite a few web servers
out there that do not have a firewall. A firewall is
there only to set up another layer of defense. The
other layers are to limit the
I had heard that it is better to have a 'reject' rule instead of a
'deny' one, as reject will give back an immediate reply to the
interrogator, while just rejecting the query can give you a multitude of
'retry', which can eat you bandwidth with lots and lots of retries. If
possible, can
tudo [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, January 07, 2002 3:46 AM
Subject: Re: NAT, Internet access and security
surelly, I am missing something. In a widely open network as this, how
can it be secure ??
Iain McAleer wrote:
Hey guys,
To be honest, if your system is secure
IMHO, it is better to have the latest OpenSSH running, wich carry little
secure things like scp (secure copy) and sftp (secureFTP).
Kartik Trivedi wrote:
hey guys,
Any idea how can i run an FTP server behind a NAT.
I share DSL connection with my roommates using a router. But i want to
Here is a suggestion for basic firewall setup:
Always have a base rule or policy that is set to deny or drop any source
to any destination using any service/port. Then add rules or policies
above
the basic deny policy (typically referred to as a stealth rule) to
specifically allow only the
surelly, I am missing something. In a widely open network as this, how
can it be secure ??
Iain McAleer wrote:
Hey guys,
To be honest, if your system is secure a firewall is redundant. I am aware
of a company here in Perth that is part of a multi-million dollar
corporation. They have
management and monitoring, end user education etc... will eventually lead to
a compromise.
-Original Message-
From: keith royster [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 06, 2002 5:08 PM
To: Iain McAleer
Cc: Gilles Poiret; [EMAIL PROTECTED]
Subject: Re: NAT, Internet access and security
I was under the impression that the stealth rule was to have anything
going directly to your Firewall dropped, therefore making your FW's
addess a black hole. It never answers anything, except what you
specifically allow for management purposes.
The rule you describe was always referred to as a
, January 03, 2002 8:14 PM
Subject: Re: NAT, Internet access and security
Hello,
Most of answers I received suggest me to set up a firewall. (My router
seems to have this ability.)
But a firewall to block what ? Excepted for the router, computers can't be
to
uch from outside of the LAN, since
Hello,
Most of answers I received suggest me to set up a firewall. (My router seems to have
this ability.)
But a firewall to block what ? Excepted for the router, computers can't be to
uch from outside of the LAN, since they have private adresses.
The most important risk seems to be about
Hello,
I plan to give my company access to Internet. My ISP propose me partial-time access
(20h) on a RNIS solution, with a router, a single IP address (dynamic), so using
private addresses for computers on my LAN.
This offer doesn't include security stuff (excepted for e-mails).
So I'm
15 matches
Mail list logo
