Security Basics mailing list archives

Re: Cable Vs. DSL

From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 28 Apr 2003 19:20:12 -0700

From: Greg Tracy <greg () sixx com>
Here's a question (I'm relatively new at this).


Well, you're in the right place, that's a good start.

I have a cable connection, with a broadband NAT router which acts as a
DHCP server for a variety of clients (Mac, Win2K and Linux). All the
machines are given an internal IP address (like the old class C
addresses) and the router has the address assigned by the ISP, which
is what the clients are seen to have from the internet.

So basically what you're saying is that you have one public IP address andthe rest are private non-publicly routable ones divided by your NAT enabledrouter.

Since the router's address is seen as one address from outside, and
there's no "host" at that IP address, and it is administered at an internaladdress inside the network, is there any way for an intruder to compromisemy network and get to any of my client machines?


In short, yes, lots of ways.

Is this the best way (other than using a firewall, or in addition to) tomake this connection more secure?

NAT basically provides you with about as much security as your mp3 player,which is to say none at all. This is because NAT is not designed as asecurity measure, it's merely a way to broaden the available address pool.Here are some basic measures I'd recommend to secure your network:


1) Firewall
2) Anti-Virus
3) Spyware detector for your windows machines (I like SpybotSD)
4) Decent passwords on your systems

Depending on your level of paranoia, there's lots more.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Without change, something sleeps inside us, and seldom awakens. Thesleeper must awaken." -- Duke Leto Atreides


_________________________________________________________________

STOP MORE SPAM with the new MSN 8 and get 2 months FREE*http://join.msn.com/?page=features/junkmail



---------------------------------------------------------------------------

FastTrain has your solution for a great CISSP Boot Camp. The industry's mostrecognized corporate security certification track, provides a comprehensiveprospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilizationof pertinent security tools. For a limited time you can enter for a chanceto win one of the latest technological innovations, the SEGWAY HT.Log onto http://www.securityfocus.com/FastTrain-security-basics----------------------------------------------------------------------------

Current thread:

RE: Cable Vs. DSL, (continued)
- - RE: Cable Vs. DSL Xueyan Liu (Apr 24)
    - RE: Cable Vs. DSL David Gillett (Apr 25)
    - Re: Cable Vs. DSL Chris Travers (Apr 25)
    - Re: Cable Vs. DSL Callan K L Tham (Apr 25)
    - Re: Cable Vs. DSL Frank Gearhart (Apr 28)
- RE: Cable Vs. DSL Lucas Zaichkowsky (Apr 23)
- Re: Cable Vs. DSL David Vertie (Apr 24)
- RE: Cable Vs. DSL Cosentino, Guilherme V. (Apr 28)
- RE: Cable Vs. DSL Cosentino, Guilherme V. (Apr 28)
  - RE: Cable Vs. DSL Xueyan Liu (Apr 28)
- Re: Cable Vs. DSL Chris Berry (Apr 29)
  - Re: Cable Vs. DSL Brian Eckman (Apr 30)
- RE: Cable Vs. DSL Jordan Jesse - Toronto-MROC (Apr 30)