On 4/29/2008 7:39 PM, Robert Maxwell wrote:
The following is my interpretation of our official policies in place now. Note
that I am in OIT Security, so when I speak of NTS-related items, those
interpretations are subject to revision.
Rob,
Thanks for taking the time to respond; it's appreciated. This helps.
I know that in some cases, wired routers with NAT are used in part as a
poor-man's firewall. Putting PCs behind a NAT'ing router makes it harder for
the bad guys to probe for listening ports. This is no substitute for keeping
machines patched (especially when many (most?) exploits these days take
advantage of client-side vulnerabilities in office applications, media players,
etc.) but it adds some defense-in-depth.
In particular, when doing a clean OS install, I like to put the machine behind
a NAT'ing router when it's first connected to the net to apply OS patches.
Once that's done I remove the router and give the machine a routable IP.
Thanks again.
-David
--
David Eisner
CALCE Center University of Maryland