NAT or NAT + Firewall - is it just emperor's new clothes?

on 28.11.2007 12:37:00 by Brian Cryer

Something I often hear/read is that on a network that is connected to a NAT
router that there ought to be a firewall between the internet and the NAT
router. Personally I'm sceptical, but can anyone give me a reason why that
would be desirable?

Thanks.
--
Brian Cryer
www.cryer.co.uk/brian

Re: NAT or NAT + Firewall - is it just emperor's new clothes?

on 28.11.2007 12:55:42 by Leythos

In article , brian.cryer@127.0.0.1.ntlworld.com says...
> Something I often hear/read is that on a network that is connected to a NAT
> router that there ought to be a firewall between the internet and the NAT
> router. Personally I'm sceptical, but can anyone give me a reason why that
> would be desirable?

NAT is a method of Routing traffic, from one network to another. In the
case of these home/residential grade devices they offer a method to take
1 IP (public) and allow MANY nodes (LAN/Private) to share it.

A firewall may or may not implement NAT, and certainly doesn't have to
do a 1:MANY solution, and could be completely transparent.

Many firewalls have additional firewall features that allow them to
determine if (say you have a HTTP rule) TCP port 80 is being used for
HTTP communications or some other communications and block the "some
other". Many firewalls have features to inspect the traffic and remove
malformed content or undesired content from the session.

A firewall can detect attacks and block them properly.

A firewall can block ranges of ports in and out of your network.

A firewall often allows for Branch Office VPN setups between locations.

The biggest difference between a firewall and a NAT Router is that the
Firewall will block outbound connections and a NAT Router often has no
method to block outbound or has limited ability to block outbound - in
addition to the larger ability to detect attacks and block them.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
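
An added example, not part of any post in this thread: a small Python model of the difference described in the reply above, where a 1:many NAT drops unsolicited inbound packets but forwards every outbound connection, while a gateway with an egress rule also refuses selected outbound traffic. The `Gateway` class, the documentation-range addresses, the choice of port 25 as the blocked port, and the assumption that the NAT only accepts replies from the endpoint a mapping was opened to are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Gateway:
    """Constructed model: 1:many NAT, optionally with firewall egress rules."""
    public_ip: str
    blocked_out_ports: frozenset = frozenset()      # empty = plain NAT router
    table: dict = field(default_factory=dict)       # public port -> mapping
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """LAN host connects out. Returns the translated source, or None if blocked."""
        if dst_port in self.blocked_out_ports:
            return None                             # egress rule: dropped
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = (lan_ip, lan_port, dst_ip, dst_port)
        return (self.public_ip, pub_port)

    def inbound(self, src_ip, src_port, pub_port):
        """Packet hits the public IP. Returns the LAN target, or None if dropped."""
        entry = self.table.get(pub_port)
        if entry is None or entry[2:] != (src_ip, src_port):
            return None                             # unsolicited: no matching mapping
        return entry[:2]


def compare():
    """Run the same constructed traffic through a NAT-only and a filtering gateway."""
    gateways = {
        "nat_only": Gateway("203.0.113.10"),
        "firewall": Gateway("203.0.113.10", blocked_out_ports=frozenset({25})),
    }
    results = {}
    for name, gw in gateways.items():
        web = gw.outbound("192.168.1.20", 51000, "198.51.100.5", 443)
        results[name] = {
            "web_out": web is not None,
            "smtp_out": gw.outbound("192.168.1.20", 51001, "198.51.100.9", 25) is not None,
            "web_reply": gw.inbound("198.51.100.5", 443, web[1]),
            "probe_in": gw.inbound("198.51.100.77", 4444, web[1]),
        }
    return results


if __name__ == "__main__":
    for name, outcome in compare().items():
        print(name, outcome)
```

Both gateways drop the unsolicited probe and pass the web reply; only the one with an egress rule stops the LAN host's outbound connection to port 25.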

Re: NAT or NAT + Firewall - is it just emperor's new clothes?

on 28.11.2007 13:10:56 by lyle

Brian,

I would say the most important thing here is a good router, and not
the kind that many ISPs give their customers. I call these cheapo
routers Bob´s Router because sometimes it's hard to know who made them.
Researchers find holes in these kinds of routers and so when a bad guy
owns your router.....it's game over. In most situations the router
faces the world and the firewall sits behind it, hence the importance
of having a solid router.

Later,

Lyle

Re: NAT or NAT + Firewall - is it just emperor's new clothes?

on 28.11.2007 15:17:26 by Brian Cryer

"Leythos" wrote in message
news:MPG.21b7214743485e47989869@adfree.Usenet.com...
> In article , brian.cryer@127.0.0.1.ntlworld.com says...
>> Something I often hear/read is that on a network that is connected to a
>> NAT router that there ought to be a firewall between the internet and the
>> NAT router. Personally I'm sceptical, but can anyone give me a reason why
>> that would be desirable?
>
> NAT is a method of Routing traffic, from one network to another. In the
> case of these home/residential grade devices they offer a method to take
> 1 IP (public) and allow MANY nodes (LAN/Private) to share it.
>
> A firewall may or may not implement NAT, and certainly doesn't have to
> do a 1:MANY solution, and could be completely transparent.
>
> Many firewalls have additional firewall features that allow them to
> determine if (say you have a HTTP rule) TCP port 80 is being used for
> HTTP communications or some other communications and block the "some
> other". Many firewalls have features to inspect the traffic and remove
> malformed content or undesired content from the session.
>
> A firewall can detect attacks and block them properly.
>
> A firewall can block ranges of ports in and out of your network.
>
> A firewall often allows for Branch Office VPN setups between locations.
>
> The biggest difference between a firewall and a NAT Router is that the
> Firewall will block outbound connections and a NAT Router often has no
> method to block outbound or has limited ability to block outbound - in
> addition to the larger ability to detect attacks and block them.

Thank you.

Re: NAT or NAT + Firewall - is it just emperor's new clothes?

on 28.11.2007 15:21:59 by Brian Cryer

Thanks Lyle.

As it happens I've only just recently ordered a replacement router for our
office for the one the ISP provided. (Mostly because the current one
restricts us on VPN.)


"Lyle" wrote in message
news:09e888ae-abd9-4bc1-ac01-f0d61324fe36@y20g2000hsy.googlegroups.com...
Brian,

I would say the most important thing here is a good router, and not
the kind that many ISPs give their customers. I call these cheapo
routers Bob´s Router because sometimes it's hard to know who made them.
Researchers find holes in these kinds of routers and so when a bad guy
owns your router.....it's game over. In most situations the router
faces the world and the firewall sits behind it, hence the importance
of having a solid router.

Later,

Lyle