Security Basics mailing list archives

RE: Physical Firewalls VS NAT


From: <Leonard.Ong () nokia com>
Date: Thu, 31 Oct 2002 11:11:50 +0800

Hi Rick,

The physical firewall will provide much more than blocking incoming requests.

1. You may want to block outgoing connections to certain IP addresses / locations
2. You want to implement anti-spoofing
3. You want to have control of which incoming connections are allowed and which are not, rather than disallowing them altogether.
4. Better logs and audit capabilities
5. Possible integration with Anti Virus, URL filtering, Content filtering
6. Block Java, and ActiveX
7. Designate a DMZ segment, rather than one intranet segment and one uplink to the Internet. Worse is joining a DMZ server inside the intranet segment by using static port mapping.

List goes on.

For a home network, I would say for ROI, just install a Linksys router with HIDE NAT and a personal firewall+IDS on each workstation. For higher requirements, or from small networks upwards, you may consider a firewall.

It is also related to the concepts of due care and due diligence. If you did not implement proper protection (firewall), you may be liable for any violation directed from your network.



Regards,
Leonard Ong, CISSP, CSS-1, CCSE, MCSE, 
             MCDBA, CCNP, CCDP, NSA, LCP
Network Security Specialist, APAC
NOKIA

Email.  Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone.  +65 6723 1724
Fax.    +65 6723 1596




-----Original Message-----
From: ext Rick Darsey [mailto:rdarsey () aims1 com]
Sent: Wednesday, October 30, 2002 11:10 PM
To: Security Basics
Subject: Physical Firewalls VS NAT




I am not sure if this is the right list for this question. If it is not,
please let me know where to post it.

I am doing some research for one of my clients.  They have requested a
physical firewall installed on their network.  They are already running a
NAT'ed network behind a LinkSYS router.

In this situation, what benefits, if any, will the physical firewall
provide?  The LinkSYS router already does port filtering and forwarding, and
blocks incoming WAN requests.  This is my understanding of what a firewall
does.  Granted, the firewall will be more granular, but is it necessary, or
just redundant?


Thanks

Rick Darsey
AIMS, Inc.
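
Items 1, 2, 3 and 7 from the reply above, contrasted with a NAT-only router in a small policy model. This is an added example, not part of either message; the addresses, zone names, block list and rule order are constructed assumptions.

```python
import ipaddress as ip

# Constructed topology and policy values (assumptions, not from the thread).
LAN = ip.ip_network("192.168.1.0/24")
DMZ = ip.ip_network("192.168.2.0/24")
BLOCKED_DST = ip.ip_network("203.0.113.0/24")  # egress block-list entry
DMZ_WEB = ip.ip_address("192.168.2.10")        # the only published server

def zone_of(addr):
    """Map an address to the interface it legitimately lives behind."""
    if addr in LAN:
        return "lan"
    if addr in DMZ:
        return "dmz"
    return "wan"

def nat_only(in_if, src, dst, dport):
    """Hide-NAT router: inside hosts may go anywhere, unsolicited inbound drops."""
    return "accept" if in_if == "lan" else "drop"

def firewall(in_if, src, dst, dport):
    """Verdict for the first packet of a connection (replies are assumed
    to be handled by connection tracking and are not modelled)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    # Item 2: anti-spoofing, the source must belong to the arrival interface.
    if zone_of(src) != in_if:
        return "drop:spoofed-source"
    # Item 1: block outgoing connections to listed destinations.
    if in_if == "lan" and dst in BLOCKED_DST:
        return "drop:egress-blocked"
    # Item 3: allow selected inbound services instead of refusing all.
    if in_if == "wan":
        ok = dst == DMZ_WEB and dport in (80, 443)
        return "accept" if ok else "drop:inbound-default"
    # Item 7: a DMZ host must not open connections into the intranet.
    if in_if == "dmz" and zone_of(dst) == "lan":
        return "drop:dmz-to-lan"
    return "accept"

if __name__ == "__main__":
    packets = [  # constructed samples: (interface, source, destination, port)
        ("lan", "192.168.1.5", "203.0.113.7", 443),
        ("lan", "10.9.9.9", "198.51.100.9", 80),
        ("wan", "198.51.100.9", "192.168.2.10", 443),
        ("dmz", "192.168.2.10", "192.168.1.5", 445),
    ]
    for p in packets:
        print(p, "nat-only:", nat_only(*p), "| firewall:", firewall(*p))
```

The reason suffix on each drop verdict stands in for item 4: a per-rule log entry that the NAT-only model cannot produce.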

