Re: [opensuse] Re: simple LAN




Billie Erin Walsh wrote:
Jonathan Arnold wrote:
Theo v. Werkhoven wrote:

Thu, 21 Jun 2007, by jdarnold@xxxxxxxxxxxx:


Kenneth Schneider wrote:

On Mon, 2007-06-18 at 11:00 +0100, Robert Best wrote:

It is a Speedtouch ADSL modem. Don't know about firewall
capabilities.

The "firewall capabilities" used by most of these modems is called NAT
which stands for Network Address Translation (there are other features
available). What this basically does is prevent an outside connection

NAT is not in itself a security technology. It does give a limited
security by obscurity by hiding machines on a local lan from the outside
world but not a lot other than that.

What a firewall gives is what can be accessed, how it can be accessed
and from where. With more sophisticated technologies (e.g. Novell's
Border Manager) one can also define who can access what.

<snip>

Yes, exactly. I've never understood the Wild Eyed(tm) insistence on a
firewall, as I imagine there are very few installations where a user's computer
is directly on the Internet these days. I always run behind a router,
and thus don't need a firewall. If you have your cable modem plugged
into a switch or router (i.e., if your computer is on a 192.168 network),
you don't need a firewall. And yet I can't get Windows to stop complaining
about the fact I don't have the firewall turned on.

The difficulty with this proposition is the assumption that all machines
on the local lan are adequately secured and used by reliable and
trustworthy people. Any security is only as strong as its weakest link,
and in most cases it is not the technology on the network but the people
using that technology which present the problem.

Unfortunately, there is nothing to stop an unsecured machine or
malicious (or stupid) user from attempting (deliberately or
inadvertently) to establish a link with an external site that could
effectively bypass firewall or NAT based security assumptions. A
firewall policy for both external access and internal lan access is a
requirement on any network, and when combined with locking down external
access to SMTP and websites to proxy servers and mail hubs should at
least make such attacks more difficult.

As Windows is particularly vulnerable to this kind of subversive attack,
this kind of nagging is probably a good thing.



Yes, not to say there aren't always exceptions, but I'm still willing to
bet firewalls, for many people, have caused more problems than they have
solved.
<snip>



Usually, this is because people do not understand what they are doing
and why they are doing it. The link below is worth exploring...

http://www.theregister.co.uk/2007/05/31/security_analogies/




Our ISP has a master firewall on his fiber connections that is WAY more
powerful than anything I would pay for. We are three layers inside his
network. Each access point has its own powerful firewall. This feeds
through the modem to a router with a firewall. That's five firewalls
between me and the fiber. If they want in bad enough to get through all
that they can have it. I can't see where having a firewall on my
computer is going to make any difference.

I am intrigued by the concept of 3 levels of firewall giving 5
firewalls, enlighten me on the math please?

They keep honest people honest. The only
sure fire way to keep someone out of your computer is to unplug the
network cable, remove the modem, and unplug it from the wall. Anything
short of that.......NO guarantees.



--
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
==============================================================================