Security Basics mailing list archives
RE: Physical Firewalls VS NAT
From: <Leonard.Ong () nokia com>
Date: Thu, 31 Oct 2002 11:11:50 +0800
Hi Rick, The physical firewall will provide much more than blocking incoming request. 1. You may want to block outgoing connection to certain IP address / location 2. you want to implement Anti-spoofing 3. You want to have control of what incoming connection allowed and what's not, rather than disallowing it altogether. 4. Better logs and audit capabilities 5. Possible integration with Anti Virus, URL filtering, Content filtering 6. Block Java, and ActiveX 7. Designate a DMZ segment, rather than one segment intranet and one uplink to internet. Worse joining DMZ server inside intranet segment by using static port mapping. List goes on. For home network, I would say for ROI, just install a linksys router with HIDE NAT and personal firewall+IDS in each workstation. On higher requirement or Small network upwards you may consider firwall. It is also related to concept Due Care and Due diligence. If you did not implement proper proctection (firewall), you may be liable to any violation directed from your network. Regards, Leonard Ong, CISSP, CSS-1, CCSE, MCSE, MCDBA, CCNP, CCDP, NSA, LCP Network Security Specialist, APAC NOKIA Email. Leonard.Ong () nokia com Mobile. +65 9431 6184 Phone. +65 6723 1724 Fax. +65 6723 1596 -----Original Message----- From: ext Rick Darsey [mailto:rdarsey () aims1 com] Sent: Wednesday, October 30, 2002 11:10 PM To: Security Basics Subject: Physical Firewalls VS NAT I am not sure if this is the right list for this question. If it is not, please let me know where to post it. I am doing some research for one of my clients. They have requested a physical firewall installed on their network. They are already running a NAT'ed network behind a LinkSYS router. In this situation, what benifits, if any, will the physical firewall provide? The LinkSYS router already does port filtering and forwarding, and blocks incoming WAN requests. This is my understanding of what a firewall does. Granted, the firewall will be more granular, but is it necessary, or just redundant? Thanks Rick Darsey AIMS, Inc.
Current thread:
- Physical Firewalls VS NAT Rick Darsey (Oct 30)
- RE: Physical Firewalls VS NAT Chad Butler (Oct 31)
- <Possible follow-ups>
- Re: Physical Firewalls VS NAT Chris Berry (Oct 31)
- RE: Physical Firewalls VS NAT Leonard.Ong (Oct 31)