Hi Rick,
The physical firewall will provide much more than blocking incoming requests.
1. You may want to block outgoing connections to certain IP addresses / locations
2. You want to implement anti-spoofing
3. You want to have control of which incoming connections are allowed and which are not,
rather than disallowing them altogether.
4. Better logs and audit capabilities
5. Possible integration with antivirus, URL filtering, content filtering
6. Block Java and ActiveX
7. Designate a DMZ segment, rather than a one-segment intranet and one uplink to the
Internet. Worse is joining a DMZ server inside the intranet segment by using static port
mapping.
The list goes on.
For a home network, I would say for ROI, just install a Linksys router with HIDE NAT and
a personal firewall+IDS on each workstation. For higher requirements, or small networks
upwards, you may consider a firewall.
It is also related to the concept of Due Care and Due Diligence. If you did not implement
proper protection (firewall), you may be liable for any violation directed from your
network.
Regards,
Leonard Ong, CISSP, CSS-1, CCSE, MCSE,
MCDBA, CCNP, CCDP, NSA, LCP
Network Security Specialist, APAC
NOKIA
Email. [EMAIL PROTECTED]
Mobile. +65 9431 6184
Phone. +65 6723 1724
Fax. +65 6723 1596
-----Original Message-----
From: ext Rick Darsey [mailto:rdarsey@;aims1.com]
Sent: Wednesday, October 30, 2002 11:10 PM
To: Security Basics
Subject: Physical Firewalls VS NAT
I am not sure if this is the right list for this question. If it is not,
please let me know where to post it.
I am doing some research for one of my clients. They have requested a
physical firewall installed on their network. They are already running a
NAT'ed network behind a LinkSYS router.
In this situation, what benefits, if any, will the physical firewall
provide? The LinkSYS router already does port filtering and forwarding, and
blocks incoming WAN requests. This is my understanding of what a firewall
does. Granted, the firewall will be more granular, but is it necessary, or
just redundant?
Thanks
Rick Darsey
AIMS, Inc.
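
Points 1, 2, 3 and 7 of the reply above, modeled as a small policy check next to a NAT-only baseline. This is an added example, not part of the original thread; the subnets, addresses, blocked range and function names are constructed for illustration.

```python
# Added illustration: zoned firewall policy vs. a NAT-only router.
# All subnets, addresses and names below are constructed assumptions.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")               # assumed intranet segment
DMZ = ip_network("192.168.2.0/24")               # assumed DMZ segment
BLOCKED_EGRESS = [ip_network("203.0.113.0/24")]  # constructed blocked destination
DMZ_WEB = (ip_address("192.168.2.10"), 80)       # constructed published server
PORT_FORWARDS = {80: "192.168.1.10"}             # static mapping into the intranet

def zone_of(addr):
    """Map an address to the segment it belongs to."""
    a = ip_address(addr)
    return "lan" if a in LAN else "dmz" if a in DMZ else "wan"

def firewall(in_if, src, dst, dport):
    """Return (verdict, reason) for a new connection arriving on in_if.
    dst is the destination after any address translation."""
    # Point 2, anti-spoofing: the source must belong to the arrival segment.
    if zone_of(src) != in_if:
        return "drop", "spoofed-source"
    # Point 1, egress control: block outgoing connections to listed ranges.
    if in_if != "wan" and any(ip_address(dst) in n for n in BLOCKED_EGRESS):
        return "drop", "egress-blocked"
    # Point 3, inbound: allow only the published DMZ service.
    if in_if == "wan":
        if (ip_address(dst), dport) == DMZ_WEB:
            return "accept", "dmz-service"
        return "drop", "inbound-default"
    # Point 7: a DMZ host may not open connections into the intranet.
    if in_if == "dmz" and zone_of(dst) == "lan":
        return "drop", "dmz-to-lan"
    return "accept", "outbound"

def nat_router(in_if, src, dst, dport):
    """NAT-only baseline: inbound via static port mapping, outbound unrestricted."""
    if in_if == "wan":
        if dport in PORT_FORWARDS:
            return "accept", "port-forward"
        return "drop", "no-mapping"
    return "accept", "outbound"

if __name__ == "__main__":
    # Constructed sample connections: (arrival segment, src, dst, dst port)
    for pkt in [("wan", "192.168.1.5", "192.168.2.10", 80),
                ("lan", "192.168.1.20", "203.0.113.7", 443),
                ("dmz", "192.168.2.10", "192.168.1.20", 445)]:
        print(pkt, "firewall:", firewall(*pkt), "nat-only:", nat_router(*pkt))
```

The reason string returned with each verdict is what point 4 (logs and audit) would record per decision.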