Thread: Nat
-
July 15th, 2003, 11:57 PM
#1
Member
Nat
I was recently helping a friend install a router and network at his home (lucky him), and was wondering about NAT. How secure is NAT? My other buddy who is a net admin himself was telling me it was secure enough that you dont need to even run a firewall? It seems to me that it would not be secure enought for this but I'm not very sure. Please help
-
July 16th, 2003, 12:03 AM
#2
My other buddy who is a net admin himself was telling me it was secure enought that you dont need to even run a firewall?
I'm glad this guy is not my "net admin".
Telling someone that having NAT will suffice without a firewall is like telling someone that cheese has to be on the mouse trap to get whapped.
Tell him to go get a firewall like Outpost from www.agnitum.com to go with his NAT.
-
July 16th, 2003, 12:11 AM
#3
Well, acutally, for a home setup, I'd feel rather comfortable with a home router doing nat and up to date antivirus software running on the inside computers...
Sure it might not be the "ultimate uber-secure" setup, but hey, it's a home (assumebly low profile) setup...
Besides, if you run a Linux or BSD firewall, you're not actually doing that much more than NATing outgoing and blocking incomming (on a basic setup).
Ammo
Credit travels up, blame travels down -- The Boss
-
July 16th, 2003, 12:23 AM
#4
Senior Member
NAT
-
July 16th, 2003, 12:27 AM
#5
Network Address Translation...
Ie: Translating the private ip address of outgoing packets to the public IP of the public (internet facing) interface, thus allowing hosts with private addresses (RFC 1918) to access hosts on the internet...
For more do a little searching, you'll find *plenty*...
Ammo
Credit travels up, blame travels down -- The Boss
-
July 16th, 2003, 04:33 AM
#6
i wouldn't feel comfortable with just a NATed router but if your not mapping any ports to services you'd be fairly secure
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
July 16th, 2003, 07:00 AM
#7
For home setup NAT without a firewall would be fine for regular use provided that u do not open any ports. As ammo put in the definition of NAT. It obscures the inside network from the outside network. However, it is not totally secure as it can still be bypassed by other means.
If you only use it for surfing and the information on it is not that important if it gets stolen then that would be fine. But if u need more security and maybe use it for something like banking and other important stuff. Then most people would recommend a firewall and up to date anti virus software.
As recommended by paulie. Outopst is quite good. Another firewall u might want to look at is from this site Kerio
-
July 16th, 2003, 08:10 AM
#8
NAT without a firewall ?
How do you protect the WAN IP from hacks into the 'router' (assuming it is a 2 NIC computer)
Once inside the router......the entire network (NAT or not) is open.
-
July 16th, 2003, 01:33 PM
#9
NAT is relatively secure assuming that the NAT device allows _only_ egress. If all packets are dropped at the NAT device that are trying to come inbound then, to all intents and purposes, it is a firewall. Are there ways to circumvent the NAT device? Of course, depending upon the sophistication of the device - if it does stateful packet inspection, (SPI), then it is more secure than a device that does not. Are there ways to circumvent firewalls? Of course..... It's all a matter of how the devices are set up.
For a home user something like the Linksys BEFSR41 in it's default configuration is ample sufficient protection from malicious ingress for a low cost and a simple installation.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
July 16th, 2003, 01:53 PM
#10
Originally posted here by Tiger Shark
NAT is relatively secure assuming that the NAT device allows _only_ egress. If all packets are dropped at the NAT device that are trying to come inbound then, to all intents and purposes, it is a firewall.
While I would certainly agree that PAT (not NAT) does provide protection, I would not go so far as to say that it is a firewall or a replacement for a firewall. As defined in the RFC for NAT, the packet never gets inspected past the network layer and cannot filter based on ports or services (which is what a firewall does). NAT by istelf was never intended to provide any type of security. Like I said however, you are definately better off with PAT which is what most SOHO devices use. Many of these devices will provide you with an adequate level of security if you use egress traffic only, but if you are hosting servers I would not rely on them alone.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|