How can you be sure that the system is 'completely' secure? That seems a little naïve to me. How do you track break-ins if and when they occur?
Just curious, not judging. > -----Original Message----- > From: Iain McAleer [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 04, 2002 11:18 AM > To: Gilles Poiret; [EMAIL PROTECTED] > Subject: Re: NAT, Internet access and security > > > Hey guys, > > To be honest, if your system is secure a firewall is > redundant. I am aware of a company here in Perth that is part > of a multi-million dollar corporation. They have NO firewalls > in place and are not implimenting NAT. Infact they have live > IP's for all their workstations. The reason they have no > firewall and can keep running with this is because their > system is secure. The biggest security risk is always going > to be exploits and your own clients idiocy. > > Regards > Iain McAleer > > ----- Original Message ----- > From: "Gilles Poiret" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, January 03, 2002 8:14 PM > Subject: Re: NAT, Internet access and security > > > > Hello, > > > > > > Most of answers I received suggest me to set up a firewall. > (My router > seems to have this ability.) > > But a firewall to block what ? Excepted for the router, computers > > can't be > "to > > uch" from outside of the LAN, since they have private adresses. > > > > The most important risk seems to be about worms, trojans, > or java and > javascript applications... > > Some of answers talk about proxies, to prevent this kind of > problems. > > I can't see what improvement of security a proxy brings > generally, and > > in > particular in the case of worms & Co, specially with regard > to a firewall... > > If you know the answer (or a web site about that), i'm very > interested > > ! > > > > > > What do you think about this configuration, for the > firewall's router > > : > > - ingoing packets : SYN packets blocked (for me, useless -> private > addresses) > > - outgoing packets : every packets blocked, except those where > > destination > is web, smtp, pop port. (Working context -> no irc, ....) > > Is it an useful and effective configuration ? > > > > > > Regards, > > > > -- > > Gilles Poiret > > > > > > > > Gilles Poiret a écrit, samedi 29 décembre 2001, à 16:21 : > > > Hello, > > > > > > I plan to give my company access to Internet. My ISP propose me > partial-time access (20h) on a RNIS solution, with a router, > a single IP address (dynamic), so using private addresses for > computers on my LAN. > > > > > > This offer doesn't include security stuff (excepted for > e-mails). So > > > I'm wondering about risk for my network. For me, the risk > is null : > > > private addesses are ... private, and no IP > services are running on workstations. > > > But I may be wrong ! > > > > > > So I appreciate advices. > > > Thanks, > > > > > > and Happy New Year ! > > > > > > -- > > > Gilles POIRET > > > > > > > > > My LAN : > > > a Windows NT 4 Server, and 10 workstations with Windows 98. > > > > > > > > > > >