-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Billie Erin Walsh wrote:
> Jonathan Arnold wrote:
>> Theo v. Werkhoven wrote:
>>   
>>> Thu, 21 Jun 2007, by [EMAIL PROTECTED]:
>>>
>>>     
>>>> Kenneth Schneider wrote:
>>>>       
>>>>> On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
>>>>>         
>>>>>>>> It is a Speedtouch ADSL modem. Don't know about firewall
>>>>>>>> capabilities.
>>>>>>>>               
>>>>> The "firewall capabilities" used by most of these modems is called NAT
>>>>> which stands for Network Address Translation ( there are other features
>>>>> available ). What this basically does is prevent an outside connection

NAT is not in itself a security technology. It does give a limited
security by obscurity by hiding machines on a local lan from the outside
world but not a lot other than that.

What a firewall gives is what can be accessed, how it can be accessed
and from where. With more sophisticated technologies (e.g. Novell's
BorderManager) one can also define who can access what.

<snip>
>>>>>         
>>>> Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a
>>>> firewall, as I imagine there are very few installations where a user's computer
>>>> is directly on the Internet these days. I always run behind a router,
>>>> and thus don't need a firewall. If you have your cable modem plugged
>>>> into a switch or router (ie, if your computer is on a 192.168 network),
>>>> you don't need a firewall. And yet I can't get Windows to stop complaining
>>>> about the fact I don't have the firewall turned on.

The difficulty with this proposition is the assumption that all machines
on the local lan are adequately secured and used by reliable and
trustworthy people. Any security is only as strong as its weakest link,
and in most cases it is not the technology on the network but the people
using that technology which present the problem.

Unfortunately, there is nothing to stop an unsecured machine or
malicious (or stupid) user from attempting (deliberately or
inadvertently) to establish a link with an external site that could
effectively bypass firewall or NAT based security assumptions. A
firewall policy for both external access and internal LAN access is a
requirement on any network, and when combined with locking down external
access to SMTP and websites to proxy servers and mail hubs should at
least make such attacks more difficult.

As Windows is particularly vulnerable to this kind of subversive attack,
this kind of nagging is probably a good thing.

>>>>       
>>>     
>> Yes, not to say there aren't always exceptions, but I'm still willing to
>> bet firewalls, for many people, have caused more problems than they have
>> solved.
>> <snip>
>>
>>   

Usually, this is because people do not understand what they are doing
and why they are doing it. The link below is worth exploring...

 http://www.theregister.co.uk/2007/05/31/security_analogies/



> 
> Our ISP has a master firewall on his fiber connections that is WAY more
> powerful than anything I would pay for. We are three layers inside his
> network. Each access point has its own powerful firewall. This feeds
> through the modem to a router with a firewall. That's five firewalls
> between me and the fiber. If they want in bad enough to get through all
> that they can have it. I can't see where having a firewall on my
> computer is going to make any difference.

I am intrigued by the concept of 3 levels of firewall giving 5
firewalls, enlighten me on the math please?

> They keep honest people honest. The only
> sure fire way to keep someone out of your computer is to unplug the
> network cable, remove the modem, and unplug it from the wall. Anything
> short of that.......NO guarantees.
> 


- --
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
==============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGfChvasN0sSnLmgIRAv4vAKDnvJJJIlxUUn1s2R6mXtXnQsm8IwCfaDzv
pIHUtqj/drKAv07ysY2kT1s=
=j4XI
-----END PGP SIGNATURE-----
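
The difference the reply above draws between NAT and a firewall policy, as an added example that is not part of the original message: a small model comparing what plain NAT lets through with what a default-deny policy that pins web and SMTP traffic to a proxy and a mail hub lets through. All addresses, the proxy port and the sample flows are constructed assumptions.

```python
import ipaddress

# Constructed addresses (assumptions): none of these come from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
PROXY = ipaddress.ip_address("192.168.1.10")     # hypothetical web proxy
MAIL_HUB = ipaddress.ip_address("192.168.1.11")  # hypothetical mail hub

# First-match allow rules: (source, destination, ports). None means "any".
POLICY = [
    (PROXY, None, {80, 443}),    # only the proxy may reach external web servers
    (MAIL_HUB, None, {25}),      # only the mail hub may send SMTP out
    (LAN, PROXY, {3128}),        # LAN clients may talk to the proxy
    (LAN, MAIL_HUB, {25}),       # LAN clients may hand mail to the hub
]

def _match(addr, spec):
    """True if addr equals the host spec, lies in the network spec, or spec is any."""
    if spec is None:
        return True
    if isinstance(spec, ipaddress.IPv4Network):
        return addr in spec
    return addr == spec

def nat_only(src, dst, port, initiated_inside):
    """Plain NAT: unsolicited inbound has no mapping; outbound is unrestricted."""
    return "allow" if initiated_inside else "deny"

def firewall(src, dst, port, initiated_inside):
    """Default-deny policy applied to every new connection."""
    if not initiated_inside:
        return "deny"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, ports in POLICY:
        if _match(s, rule_src) and _match(d, rule_dst) and port in ports:
            return "allow"
    return "deny"

def gaps(flows):
    """Flows that NAT alone lets through but the policy blocks."""
    return [f for f in flows if nat_only(*f) == "allow" and firewall(*f) == "deny"]

# Constructed sample flows: (src, dst, dst_port, initiated_inside)
FLOWS = [
    ("203.0.113.5", "192.168.1.20", 445, False),   # unsolicited inbound
    ("192.168.1.20", "192.168.1.10", 3128, True),  # desktop -> proxy
    ("192.168.1.20", "198.51.100.7", 25, True),    # desktop -> external SMTP, bypassing hub
    ("192.168.1.20", "198.51.100.9", 6667, True),  # desktop -> arbitrary external port
    ("192.168.1.20", "192.168.1.30", 445, True),   # desktop -> another LAN host
    ("192.168.1.10", "198.51.100.8", 443, True),   # proxy -> external web server
]
```

Calling gaps(FLOWS) returns the three connections started from inside the LAN that NAT never examines. On a switched LAN the host-to-host case would have to be enforced by a firewall on each machine, since that traffic does not cross the router.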