G T Smith wrote:
Billie Erin Walsh wrote:
Jonathan Arnold wrote:
Theo v. Werkhoven wrote:
Thu, 21 Jun 2007, by jdarnold@buddydog.org:
Kenneth Schneider wrote:
On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:
>>> It is a Speedtouch ADSL modem. Don't know about firewall capabilities.

The "firewall capabilities" used by most of these modems is called NAT, which stands for Network Address Translation (there are other features available). What this basically does is prevent an outside connection
NAT is not in itself a security technology. It does give a limited security by obscurity by hiding machines on a local LAN from the outside world, but not a lot other than that.
What a firewall gives is what can be accessed, how it can be accessed and from where. With more sophisticated technologies (e.g. Novell's BorderManager) one can also define who can access what.
<snip>
Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a firewall, as I imagine there are very few installations where a user's computer is directly on the Internet these days. I always run behind a router, and thus don't need a firewall. If you have your cable modem plugged into a switch or router (i.e., if your computer is on a 192.168 network), you don't need a firewall. And yet I can't get Windows to stop complaining about the fact I don't have the firewall turned on.
The difficulty with this proposition is the assumption that all machines on the local LAN are adequately secured and used by reliable and trustworthy people. Any security is only as strong as its weakest link, and in most cases it is not the technology on the network but the people using that technology which present the problem.
But I'm talking about a home network with 1-3 PCs hooked on to it, mostly running games and the like. Barring something happening from inside, it just isn't a worry. Not to say as my kids get older, I won't have to look into a firewall to avoid any bad accidents. But until then, my home network is pretty safe behind my NAT router.
Unfortunately, there is nothing to stop an unsecured machine or malicious (or stupid) user from attempting (deliberately or inadvertently) to establish a link with an external site that could effectively bypass firewall or NAT based security assumptions. A firewall policy for both external access and internal LAN access is a requirement on any network, and when combined with locking down external access to SMTP and websites to proxy servers and mail hubs should at least make such attacks more difficult.
As Windows is particularly vulnerable to this kind of subversive attack, this kind of nagging is probably a good thing.
Yes, not to say there aren't always exceptions, but I'm still willing to bet firewalls, for many people, have caused more problems than they have solved. <snip>
Usually, this is because people do not understand what they are doing and why they are doing it. The link below is worth exploring...
Thanks for the link.

--
Jonathan Arnold (mailto:jdarnold@buddydog.org)
Daemon Dancing in the Dark, an Open OS weblog: http://freebsd.amazingdev.com/blog/
UNIX is user-friendly. It's just a bit picky about who its friends are.