Error - template LAYOUT-DATA-WRAPPER not found

A configuration error was detected in the CGI script; the LAYOUT-DATA-WRAPPER template could not be found.

Error - template STYLE-SHEET not found

A configuration error was detected in the CGI script; the STYLE-SHEET template could not be found.

Error - template SUB-TOP-BANNER not found

A configuration error was detected in the CGI script; the SUB-TOP-BANNER template could not be found.
Subject:
Re: Network security question
From:
Dave Gillett <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Thu, 22 Jul 1999 11:34:58 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (46 lines) 
On 22 Jul 99, at 11:55, Ludovic d'Anchald wrote:

> And what about "NAT" (Network Address Translation) ? In our Company, we
> use WinRoute, which is a rather cheap and efficient way to share an
> Internet connection (actually, it makes the PC a router I guess), and it
> does perform NAT, and as far as I remember, it have read somewhere NAT
> makes a firewall obsolete, whith a *much* easier administration. True ?

  NAT and "firewall" (some approaches, anyway) are both optional features
which may be included on a "router".  They're largely orthogonal -- I would
be extremely suspicious of any claim that one makes the other obsolete.


  Your comment above was a response to my suggestion that in a *business*
network, an actual dedicated firewall machine would be a good idea.
Depending on capacity and features, could a business get by with something
like WinRoute instead?
  The view amongst computer security professionals is pretty solidly "no".
For the detailed reasoning, I recommend Cheswick and Bellovin's "Firewalls
and Internet Security", but the short version is that anything else that is
on the machine that you're relying on as a firewall/router (a) may not be
properly protected by those functions of the machine, and (b) may expose
vulnerabilities which allow an intruder to disable or bypass the protections
those functions were supposed to give the rest of your network.
  So a solution like WinRoute will be criticized because (a) users will be
tempted to run other stuff -- web server, mail server, even use as a
workstation -- on the WinRoute machine, and (b) even if you don't do any of
that, you've got a fairly complete installation of Windows itself on there.
[Using NT would help somewhat.]

  WinRoute and its competitors make it possible to share an Internet
connection (and a single IP address!) with an entire LAN, without having to
learn a whole lot of new technology; this is certainly useful.  But these
products are not really designed to protect your LAN from intruders, and
simply concealing some details of your LAN configuration is no substitute for
actual filtering of inappropriate traffic.




David G

                PCSOFT mailing list is brought to you by:
                         The NOSPIN Group, Inc.
                  http://nospin.com - http://nospin.org

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG Secured by F-Secure Anti-Virus CataList Email List Search Powered by LISTSERV