[Dshield] NAT: Secure?
Pablo at condumex.com
Wed Aug 27 15:34:25 GMT 2003
If you needed to access the internet without exposing any services to the world. I know of at least one "real firewall" that will use NAT alone to defend your network. A "NAT firewall" is in the firewall to use for networks without open services. Anything above that is an overkill IMHO.
From: Keith Bergen [mailto:keith at keithbergen.com]
Sent: Wednesday, August 27, 2003 9:35 AM
To: General DShield Discussion List
Subject: Re: [Dshield] NAT: Secure?
Just to start off, a "NAT Firewall" is not a firewall. It is,
however, a fairly good way for people to add some protection
to their home network.
Basically, NAT is designed to allow multiple computers behind
a single point to access the Internet etc. The outside world
only "sees" the router, so it wouldn't see your valuable data
on your home PC.
When a request for a port comes to the NAT router, let's say
port 135, the NAT router either knows to forward it, or
doesn't. If you haven't told it how to forward 135, it just
Hope this simple explanation from an even simpler individual
I've logged all the connections that my router has "turned
away" since april.
---- Original message ----
>Date: 27 Aug 2003 08:49:49 -0400
>From: Alan Frayer <afrayer at frayernet.com>
>Subject: [Dshield] NAT: Secure?
>To: list at dshield.org
>Please pardon the basic question, but I'm filling holes in my
>understanding of firewalls, and figure this is a good place
to do so.
>How secure is NAT? One sees advertised dozens of inexpensive
>routers with simple NAT firewalls (which isn't really a
>know; the firewall is a side effect of the purpose of NAT),
and I wonder
>if the public isn't being taken by depending on these
>Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
>Seeking an IT Mgmt/Network Admin position in the Tampa Bay
>If you would like to discuss an opportunity with me, please
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see:
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list