Sender: |
|
Date: |
Fri, 17 May 2002 01:33:31 -0700 |
Reply-To: |
|
Content-type: |
text/plain; charset=US-ASCII |
Subject: |
|
MIME-Version: |
1.0 |
In-Reply-To: |
<000a01c1fc60$54877cf0$6b7ba8c0@halvan3> |
Content-transfer-encoding: |
7BIT |
From: |
|
Parts/Attachments: |
|
|
On 16 May 2002, at 0:31, Goran Halfvarson wrote:
> 1. Your router provides firewall protection by means of NAT. This
> means that the IP addresses (which should be from dedicated set of
> private IP addresses) cannot be seen, nor accessed, from the
> outside WAN (internet). Normally no special configuration has to be
> done, this is basic functionality of a broadband router.
>
> 2. NAT is built into the firmware of the router.
NAT is not a firewall, and while it is a common firmware feature on
broadband routers, you may need to explicitly enable it. It *can*
make it somewhat harder for an outside attacker to reach your
machine(s), but that's not its primary purpose.
> 3. Yes, leave ZoneAlarm etc in place.
> A SW firewall will prevent unauthorized outgoing access from your
> computers to the WAN (internet). E.g. trojan horses will be
> prevented from accessing their "masters". (A SW firewall will also
> prevent unauthorized incoming access, if access has not already
> been stopped by the NAT router.)
A *good* software firewall will do this. Steve Gibsone
(www.grc.com) insists that the "BlackICE Defender" product lacks this
capability, and that the vendir has attempted to conceal this lack
rather than fix it.
ZoneAlarm is a good choice, and is free for personal use.
David Gillett
The NOSPIN Group is now offering Free PC Tech
support at our newest website:
http://freepctech.com
|
|
|