Firewall Wizards mailing list archives
RE: Home Environment Cisco
From: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Date: Fri, 30 May 2003 16:23:54 -0500
Filtering outbound... stateful inspection... DoS controls in place... proxy filtering... SMURF, Flood, Teardrop, Land and exploit prevention, most of the ICSA labs requirements... other than that, it sounds great!! :-( Sometimes I think that GRC, NMap and Nessus are the worst security tools out there. People run them, get negatives and think "wow, I must really be doing great". Unfortunately it seems that a lot of folks seem to think that as long as GRC "Shields UP" says everything looks good, it is. I really wish the NAT proponents would read the RFC where the authors themselves condemn NAT as a security solution in and of itself. It is a great component of a security solution, but it is not alone a solution. If the folks that authored it realize this, no offense but I doubt any of us here are bright enough to find a flaw in that logic. Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+ Senior QA Rep. BMC Software, Inc. (713) 918-2412 wnoonan () bmc com http://www.bmc.com
-----Original Message----- From: hermit921 [mailto:hermit921 () yahoo com] Sent: Friday, May 30, 2003 12:29 To: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Home Environment Cisco Given all this discussion, I have to ask about NAT. I have a small Netgear DSL router (using NAT) at home. I consider it a great firewall because it doesn't let in any packets at all when I run nmap scans from the outside. It syslogs to my unix machine. What more could I want in a firewall for a home environment? hermit921 At 10:26 PM 5/29/2003 +0200, Ben Nagy wrote:-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of salgak () speakeasy net Sent: Thursday, May 29, 2003 9:39 PM To: nathan.grandbois () cerdant com; firewall-wizards () honor icsalabs com-----Original Message----- From: Nathan [mailto:nathan.grandbois () cerdant com] He has a Solaris ultra 60, and two win98 workstations at home he wants to be able to communicate, as well as have access totheinternet (NAT).[deleted]Reminder: a 50-dollar router from BestBuy also includes a Firewall. A Cisco 1600 or 2500-series will not. And NAT is NOT a firewall.[deleted] I'm not going to run over the NAT / FW discussion again, I think myopinionon the matter is pretty well documented in the archives, but I am morethanhappy to use _dynamic_ NAT as a pretty effective security mechanism forhomeusers. I do normally back it up with ACLs anyway, but that's just out of general principle. ben_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Home Environment Cisco, (continued)
- RE: Home Environment Cisco Nathan (May 29)
- RE: Home Environment Cisco Bob Wanamaker - Avant Systems, Inc. (May 30)
- RE: Home Environment Cisco Ben Nagy (May 30)
- RE: Home Environment Cisco hermit921 (May 30)
- RE: Home Environment Cisco Nathan (May 29)
- Re: Home Environment Cisco salgak (May 29)
- RE: Home Environment Cisco Noonan, Wesley (May 29)
- RE: Home Environment Cisco Jason Ostrom (May 30)
- RE: Home Environment Cisco Loomis, Rip (May 30)
- RE: Home Environment Cisco R. DuFresne (May 30)
- RE: Home Environment Cisco James Baumgardner (May 30)
- RE: Home Environment Cisco Noonan, Wesley (May 30)
- Re: Home Environment Cisco Jeremiah Cornelius (May 31)
- Re: Home Environment Cisco Brian Ford (May 31)
- Re: Home Environment Cisco Brian Ford (May 31)
- Re: Home Environment Cisco Brian Ford (May 31)
- Re: Home Environment Cisco Brian Ford (May 31)
- Re: Home Environment Cisco Tina Bird (May 31)
- RE: Home Environment Cisco Noonan, Wesley (May 31)
- FW: Home Environment Cisco Noonan, Wesley (May 31)