On 02/02/2019 23.11, James Knott wrote:
On 02/02/2019 04:28 PM, Dave Howorth wrote:
I've been thinking about security a bit. Most of my home security depends on my ADSL router and especially on the NAT it provides. Now I could try to harden every machine on my network, which I admit would be best practice, but (a) I'm lazy and (b) I've got little control over some of the devices on the network. So I've been wondering about putting another dedicated machine in between my router and my network to make it harder to penetrate. My router also provides my WAN, FWIW.
NAT doesn't provide any security, beyond what a properly configured firewall can do.
My previous ISP provided router had NAT but no firewall active by default. Even more, its web control page did not allow to activate the firewall. The trick was to save config to a file, edit it on the computer, add firewall config token, and reload config. Then the firewall appeared on the control page and could be activated. The official stance was that NAT was enough security. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)