[Dshield] NAT: Secure?

Pablo Morales Pablo at condumex.com
Wed Aug 27 15:34:25 GMT 2003


If you needed to access the internet without exposing any services to the world. I know of at least one "real firewall" that will use NAT alone to defend your network. A "NAT firewall" is in the firewall to use for networks without open services. Anything above that is an overkill IMHO.

Pablo

-----Original Message-----
From: Keith Bergen [mailto:keith at keithbergen.com]
Sent: Wednesday, August 27, 2003 9:35 AM
To: General DShield Discussion List
Subject: Re: [Dshield] NAT: Secure?


Just to start off, a "NAT Firewall" is not a firewall. It is, 
however, a fairly good way for people to add some protection 
to their home network.


Basically, NAT is designed to allow multiple computers behind 
a single point to access the Internet etc. The outside world 
only "sees" the router, so it wouldn't see your valuable data 
on your home PC.

When a request for a port comes to the NAT router, let's say 
port 135, the NAT router either knows to forward it, or 
doesn't. If you haven't told it how to forward 135, it just 
goes away.

Hope this simple explanation from an even simpler individual 
helps.

I've logged all the connections that my router has "turned 
away" since april.
http://keithbergen.dyndns.org/cgi-bin/rlac.pl

Keith.


---- Original message ----
>Date: 27 Aug 2003 08:49:49 -0400
>From: Alan Frayer <afrayer at frayernet.com>  
>Subject: [Dshield] NAT: Secure?  
>To: list at dshield.org
>
>Please pardon the basic question, but I'm filling holes in my
>understanding of firewalls, and figure this is a good place 
to do so.
>
>How secure is NAT? One sees advertised dozens of inexpensive 
broadband
>routers with simple NAT firewalls (which isn't really a 
firewall, I
>know; the firewall is a side effect of the purpose of NAT), 
and I wonder
>if the public isn't being taken by depending on these 
devices.
>
>_____________________________________________________________
___________
>Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
>Seeking an IT Mgmt/Network Admin position in the Tampa Bay 
Region
>If you would like to discuss an opportunity with me, please 
e-mail.
>
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list