G T Smith wrote:
> Billie Erin Walsh wrote:
>> Jonathan Arnold wrote:
>>> Theo v. Werkhoven wrote:
>>>
>>>> Thu, 21 Jun 2007, by [EMAIL PROTECTED]:
>>>>
>>>>> Kenneth Schneider wrote:
>>>>>
>>>>>> On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
>>>>>>
>>>>>>>>> It is a Speedtouch ADSL modem. Don't know about firewall
>>>>>>>>> capabilities.
>>>>>>>>>
>>>>>> The "firewall capabilities" used by most of these modems is called NAT
>>>>>> which stands for Network Address Translation ( there are other features
>>>>>> available ). What this basically does is prevent an outside connection
>
> NAT is not in itself a security technology. It does give a limited
> security by obscurity by hiding machines on a local lan from the outside
> world but not a lot other than that.
>
> What a firewall gives is what can be accessed, how it can be accessed
> and from where. With more sophisticated technologies (e.g. Novell's
> Border Manager) one can also define who can access what.
>
> <snip>
>>>>>>
>>>>> Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a
>>>>> firewall, as I imagine there are very few installations where a user's
>>>>> computer
>>>>> is directly on the Internet these days. I always run behind a router,
>>>>> and thus don't need a firewall. If you have your cable modem plugged
>>>>> into a switch or router (ie, if your computer is on a 192.168 network),
>>>>> you don't need a firewall. And yet I can't get Windows to stop complaining
>>>>> about the fact I don't have the firewall turned on.
>
> The difficulty with this proposition is the assumption that all machines
> on the local lan are adequately secured and used by reliable and
> trustworthy people. Any security is only as strong as its weakest link,
> and in most cases it is not the technology on the network but the people
> using that technology which present the problem.

But I'm talking about a home network with 1-3 PCs hooked on to it, mostly
running games and the like. Barring something happening from inside, it just
isn't a worry. Not to say as my kids get older, I won't have to look into a
firewall to avoid any bad accidents. But until then, my home network is pretty
safe behind my NAT router.

> Unfortunately, there is nothing to stop an unsecured machine or
> malicious (or stupid) user from attempting (deliberately or
> inadvertently) to establish a link with an external site that could
> effectively bypass firewall or NAT based security assumptions. A
> firewall policy for both external access and internal lan access is a
> requirement on any network, and when combined with locking down external
> access to SMTP and websites to proxy servers and mail hubs should at
> least make such attacks more difficult.
>
> As Windows is particularly vulnerable to this kind of subversive attack
> this kind of nagging is probably a good thing.
>
>>>>>
>>>>
>>> Yes, not to say there aren't always exceptions, but I'm still willing to
>>> bet firewalls, for many people, have caused more problems than they have
>>> solved.
>>> <snip>
>
> Usually, this is because people do not understand what they are doing
> and why they are doing it. The link below is worth exploring...
>
> http://www.theregister.co.uk/2007/05/31/security_analogies/

Thanks for the link.

-- 
Jonathan Arnold (mailto:[EMAIL PROTECTED])
Daemon Dancing in the Dark, an Open OS weblog:
http://freebsd.amazingdev.com/blog/

UNIX is user-friendly. It's just a bit picky about who its friends are.
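
The distinction argued in this thread, as an added example that is not part of any poster's message: a small Python model of a NAT router's flow table, run once as plain NAT and once with the egress policy described above (SMTP only to a mail hub, web only to a proxy). The class, function names, addresses and ports are constructed for illustration.

```python
"""Constructed model: NAT flow tracking vs. an explicit egress policy."""
from dataclasses import dataclass, field

# Hypothetical addresses from documentation ranges, used only in this example.
MAIL_HUB = "192.0.2.25"
WEB_PROXY = "192.0.2.80"


@dataclass
class NatRouter:
    """Inbound traffic passes only if a LAN host opened the matching flow."""
    egress_policy: bool = False
    flows: set = field(default_factory=set)  # (lan_host, remote_ip, remote_port)

    def _egress_allowed(self, remote_ip, remote_port):
        if not self.egress_policy:
            return True                      # plain NAT: any outbound is accepted
        if remote_port == 25:
            return remote_ip == MAIL_HUB     # SMTP only via the mail hub
        if remote_port in (80, 443):
            return remote_ip == WEB_PROXY    # web only via the proxy
        return False                         # everything else: default deny

    def outbound(self, lan_host, remote_ip, remote_port):
        if not self._egress_allowed(remote_ip, remote_port):
            return "drop"
        self.flows.add((lan_host, remote_ip, remote_port))
        return "forward"

    def inbound(self, remote_ip, remote_port, lan_host):
        # Only packets on a flow created from the inside are translated back.
        if (lan_host, remote_ip, remote_port) in self.flows:
            return "forward"
        return "drop"


def run_scenario(egress_policy):
    """Replay the same constructed traffic with and without the egress policy."""
    router = NatRouter(egress_policy=egress_policy)
    outside, pc = "203.0.113.7", "192.168.1.10"  # constructed hosts
    return {
        "unsolicited_inbound": router.inbound(outside, 5000, pc),
        "lan_initiated": router.outbound(pc, outside, 5000),
        "reply_on_that_flow": router.inbound(outside, 5000, pc),
        "direct_smtp": router.outbound(pc, outside, 25),
        "smtp_via_hub": router.outbound(pc, MAIL_HUB, 25),
    }


if __name__ == "__main__":
    for policy in (False, True):
        print("egress policy" if policy else "plain NAT", run_scenario(policy))
```

In both runs the unsolicited inbound packet is dropped; only the egress policy changes what a LAN host is allowed to open from the inside.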
