[SunRescue] router security
Greg A. Woods
rescue at sunhelp.org
Sat Apr 21 19:50:50 CDT 2001
[ On Saturday, April 21, 2001 at 11:14:45 (-0400), Michael S. Schiller wrote: ]
> Subject: [SunRescue] router security
>
> With all this discussion of cable routers, etc. I was wondering... I
> have a Netgear ISDN router that has a NAT server built into it, and
> I have a few ports going to various machines on my network. It has an
> option to set one IP as the default (anything specifically not
> redirected would go to the default) which I don't have set, so in theory
> anything trying to get in via a port not listed in my NAT config won't
> get past the router. How secure is this setup?
A NAT alone is not ``secure'' and is not a replacement for a firewall.
It can help, but it should not be used as a security device or as part
of a security solution without understanding its limitations and the
threats it faces. A bi-directional NAT, for example, provides
absolutely no protection whatsoever for the particular devices it is
providing access to -- it's effectively just a bridge or router that
changes the addresses in the header of each packet crossing it.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods at acm.org> <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>
More information about the rescue
mailing list