Re: Need Mac and PC Firewall S/W
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: Need Mac and PC Firewall S/W

From: DanR <dhr22@sorrynospm.com>
Date: Mon Jul 11 2005 - 07:50:39 CEST




Duane Arnold wrote:


>> Exactly what equipment is Verizon providing? If you made it clear to


>> them that you will be connecting more than one computer then they are


>> likely supplying a modem / wireless router combo. Can be one box or


>> two. That would mean that none of your computers plug directly into


>> the modem but instead plug into the router or use the wireless


>> function. That would mean that you are behind a NAT firewall. A NAT


>> firewall simply means that your computer IP addresses are private and


>> not public. Bad people on the Internet can not then scan your public


>> IP and see your computers. This is good.


>>


>


>


> NAT is not FW software.


>


> <snip>


>


> Impostors


>


> When discussing firewalls, packet screening methods, and how firewalls


> function, there are a few misconceptions that need to be addressed.


>


> Network Address Translation (NAT)


> One technology that is commonly thought to act as a firewall solution is


> Network Address Translation (NAT). NAT translates "internal" IP addresses


> on one network to "external" IP addresses on another network. There are


> three methods NAT uses to accomplish address translation.


>


> Static NAT - maps a specific single address to another specific single


> address.


>


>


> Example:


> 10.0.0.1   -mapped to-   168.13.1.1


>


>


> Pooled NAT- dynamically maps all specific single addresses to a pool or


> range of external addresses.


>


>


> Example:


> 10.0.0.1-10.0.0.254  -mapped to-  168.13.1.1-168.13.1.254


>


>


> Port Level NAT- dynamically maps all specific single internal addresses


> to a specific single external address. The internal address is mapped or


> identified by the specific external address in combination with a unique


> port number.


>


> Example:


> 10.0.0.1  -mapped to-  168.13.1.1:1084


> 10.0.0.2  -mapped to-  168.13.1.1:1085


> 10.0.0.3  -mapped to-  168.13.1.1:1086


>


>


> By comparing the way NAT functions between two networks, and the way


> packet screening methods function between two networks, you can see that


> NAT does not adhere to the firewall definition. NAT does not control


> access between the networks. Some may argue that NAT does control access


> because you cannot "see" the internal network. NAT does this not by using


> rules or filters, however, but through concealment. It hides the network


> from outside users.


>


> <snip>


>


> Duane :)



What if I said SPI firewall? Do you think that qualifies? I don't know if the


Verizon supplied gear has that but Linksys claims it as a "firewall" in ads and


packaging.


Received on Thu Sep 29 19:58:20 2005