IMO, security should be addressed in layers, and a good firewall is an important part of your defense system. With a layered defense, you never have a single point of failure. The company you mention is playing without a net - cocky and unwise. My bet is that it is only a matter of time before they slip.
-- keith royster [EMAIL PROTECTED] http://www.homebrew.com Quoting Iain McAleer <[EMAIL PROTECTED]>: > Hey guys, > > To be honest, if your system is secure a firewall is redundant. I am aware > of a company here in Perth that is part of a multi-million dollar > corporation. They have NO firewalls in place and are not implimenting NAT. > Infact they have live IP's for all their workstations. The reason they have > no firewall and can keep running with this is because their system is > secure. The biggest security risk is always going to be exploits and your > own clients idiocy. > > Regards > Iain McAleer > > ----- Original Message ----- > From: "Gilles Poiret" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, January 03, 2002 8:14 PM > Subject: Re: NAT, Internet access and security > > > > Hello, > > > > > > Most of answers I received suggest me to set up a firewall. (My router > seems to have this ability.) > > But a firewall to block what ? Excepted for the router, computers can't > be > "to > > uch" from outside of the LAN, since they have private adresses. > > > > The most important risk seems to be about worms, trojans, or java and > javascript applications... > > Some of answers talk about proxies, to prevent this kind of problems. > > I can't see what improvement of security a proxy brings generally, and in > particular in the case of worms & Co, specially with regard to a > firewall... > > If you know the answer (or a web site about that), i'm very interested ! > > > > > > What do you think about this configuration, for the firewall's router : > > - ingoing packets : SYN packets blocked (for me, useless -> private > addresses) > > - outgoing packets : every packets blocked, except those where > destination > is web, smtp, pop port. (Working context -> no irc, ....) > > Is it an useful and effective configuration ? > > > > > > Regards, > > > > -- > > Gilles Poiret > > > > > > > > Gilles Poiret a écrit, samedi 29 décembre 2001, à 16:21 : > > > Hello, > > > > > > I plan to give my company access to Internet. My ISP propose me > partial-time access (20h) on a RNIS solution, with a router, a single IP > address (dynamic), so using private addresses for computers on my LAN. > > > > > > This offer doesn't include security stuff (excepted for e-mails). > > > So I'm wondering about risk for my network. > > > For me, the risk is null : private addesses are ... private, and no IP > services are running on workstations. > > > But I may be wrong ! > > > > > > So I appreciate advices. > > > Thanks, > > > > > > and Happy New Year ! > > > > > > -- > > > Gilles POIRET > > > > > > > > > My LAN : > > > a Windows NT 4 Server, and 10 workstations with Windows 98. > > > > > > > > > > >