Hey guys, To be honest, if your system is secure a firewall is redundant. I am aware of a company here in Perth that is part of a multi-million dollar corporation. They have NO firewalls in place and are not implimenting NAT. Infact they have live IP's for all their workstations. The reason they have no firewall and can keep running with this is because their system is secure. The biggest security risk is always going to be exploits and your own clients idiocy.
Regards Iain McAleer ----- Original Message ----- From: "Gilles Poiret" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 03, 2002 8:14 PM Subject: Re: NAT, Internet access and security > Hello, > > > Most of answers I received suggest me to set up a firewall. (My router seems to have this ability.) > But a firewall to block what ? Excepted for the router, computers can't be "to > uch" from outside of the LAN, since they have private adresses. > > The most important risk seems to be about worms, trojans, or java and javascript applications... > Some of answers talk about proxies, to prevent this kind of problems. > I can't see what improvement of security a proxy brings generally, and in particular in the case of worms & Co, specially with regard to a firewall... > If you know the answer (or a web site about that), i'm very interested ! > > > What do you think about this configuration, for the firewall's router : > - ingoing packets : SYN packets blocked (for me, useless -> private addresses) > - outgoing packets : every packets blocked, except those where destination is web, smtp, pop port. (Working context -> no irc, ....) > Is it an useful and effective configuration ? > > > Regards, > > -- > Gilles Poiret > > > > Gilles Poiret a écrit, samedi 29 décembre 2001, à 16:21 : > > Hello, > > > > I plan to give my company access to Internet. My ISP propose me partial-time access (20h) on a RNIS solution, with a router, a single IP address (dynamic), so using private addresses for computers on my LAN. > > > > This offer doesn't include security stuff (excepted for e-mails). > > So I'm wondering about risk for my network. > > For me, the risk is null : private addesses are ... private, and no IP services are running on workstations. > > But I may be wrong ! > > > > So I appreciate advices. > > Thanks, > > > > and Happy New Year ! > > > > -- > > Gilles POIRET > > > > > > My LAN : > > a Windows NT 4 Server, and 10 workstations with Windows 98. > > > > > >
