Lets discuss, Firewalls...

["Mike @ Suzzal.net" <mike () suzzal net>]

Home and business firewalls

 

Question to ponder:

 

OK, on my home LAN I have set up a windows NT4.0 SP2 box with IIS and SQL
Server 7.0. No hot fixes on the box at all. I run a NESSUS scan and I get
over 500 available exploits for this box.

 

My outside address is 216.144.100.100 (not really so please do not attack
who ever that is)

The box on the inside is 192.168.0.100/24

Admin password is blank.

All IPC$ shares are there.

 

I can surf the web from the box so it is fine.

 

I have no firewall, just a NAT on the Motorola Surfboard and no 1 to 1
NATing.

 

If you serve NO applications from the inside of your network (no publicly
accessible web server, email server, ftp server etc...), and you have a NAT
router so your addressing on the inside or your home or business is private
(i.e. 192.168.0.x, 10.10.10.x, 172.16.1.x)

 

Can you get to it? How?

 

Do you still need a firewall? Why?

 

Mike