Re: Cable Vs. DSL

[Jesse Jordan <jjordan () mroc com>]

In-Reply-To: <Law15-F30h1jYhAOylh00000581 () hotmail com>

Well, its likely that he is using a Linksys or D-link NAT enabled router, 
which in that case is pretty secure because these routers are also 
stateful packet filters.

So in short, yes your clients are pretty secure as long as you are not 
port forwarding services internally, in which you open yourself up to 
whatever vulnerabilities exist on the running internal services. If you 
don't have a lot of clients, it would be a good idea to set your IP's up 
statically, and filter unused IP's and MAC addresses at the router - this 
would help if you had a case of IP spoofing, it would also make it a 
little easier in internal log analysis.

> Since the router's address is seen as one address from outside, and
> there's no "host" at that IP address, and it is administered at an 
internal 
> address inside the network, is there any way for an intruder to 
compromise 
> my network and get to any of my client machines?

There are ways, as I mentioned above, the most obvious being port 
forwards. Other then that, make sure remote management is not accessible 
from the outside, and make sure you are running the latest firmware. Also 
make sure your WAN port is set to block unsolicited requests. If you are 
just a home user, I wouldn't worry about predictable TCP ISN #'s or 
firewalking - unless you specifically have someone targeting you who is 
very very determined. If your router has the functionality, its generally 
a good idea to block all ICMP (outbound, block ICMP Destination 
Unreachable).

Jesse


> Received: (qmail 9886 invoked from network); 29 Apr 2003 16:31:41 -0000
> Received: from outgoing2.securityfocus.com (205.206.231.26)
>  by mail.securityfocus.com with SMTP; 29 Apr 2003 16:31:41 -0000
> Received: from lists.securityfocus.com (lists.securityfocus.com 
[205.206.231.19])
>       by outgoing2.securityfocus.com (Postfix) with QMQP
>       id 77AC28F305; Tue, 29 Apr 2003 10:27:56 -0600 (MDT)
> Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <security-basics.list-id.securityfocus.com>
> List-Post: <mailto:security-basics () securityfocus com>
> List-Help: <mailto:security-basics-help () securityfocus com>
> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
> Delivered-To: mailing list security-basics () securityfocus com
> Delivered-To: moderator for security-basics () securityfocus com
> Received: (qmail 13426 invoked from network); 29 Apr 2003 01:59:44 -0000
> X-Originating-IP: [64.60.95.218]
> X-Originating-Email: [compjma () hotmail com]
> From: "Chris Berry" <compjma () hotmail com>
> To: security-basics () securityfocus com
> Subject: Re: Cable Vs. DSL
> Date: Mon, 28 Apr 2003 19:20:12 -0700
> Mime-Version: 1.0
> Content-Type: text/plain; format=flowed
> Message-ID: <Law15-F30h1jYhAOylh00000581 () hotmail com>
> X-OriginalArrivalTime: 29 Apr 2003 02:20:13.0373 (UTC) FILETIME=
[DDAC96D0:01C30DF5]
> > From: Greg Tracy <greg () sixx com>
> > Here's a question (I'm relatively new at this).
>
> Well, you're in the right place, that's a good start.
>
> > I have a cable connection, with a broadband NAT router which acts as a
> > DHCP server for a variety of clients (Mac, Win2K and Linux). All the
> > machines are given an internal IP address (like the old class C
> > addresses) and the router has the address assigned by the ISP, which
> > is what the clients are seen to have from the internet.
>
> So basically what you're saying is that you have one public IP address 
and 
> the rest are private non-publicly routable ones divided by your NAT 
enabled 
> router.
>
> > Since the router's address is seen as one address from outside, and
> > there's no "host" at that IP address, and it is administered at an 
internal 
> > address inside the network, is there any way for an intruder to 
compromise 
> > my network and get to any of my client machines?
>
> In short, yes, lots of ways.
>
> > Is this the best way (other than using a firewall, or in addition to) to 
> > make this connection more secure?
>
> NAT basically provides you with about as much security as your mp3 
player, 
> which is to say none at all.  This is because NAT is not designed as a 
> security measure, it's merely a way to broaden the available address 
pool.  
> Here are some basic measures I'd recommend to secure your network:
>
> 1) Firewall
> 2) Anti-Virus
> 3) Spyware detector for your windows machines (I like SpybotSD)
> 4) Decent passwords on your systems
>
> Depending on your level of paranoia, there's lots more.
>
> Chris Berry
> compjma () hotmail com
> Systems Administrator
> JM Associates
>
> "Without change, something sleeps inside us, and seldom awakens.  The 
> sleeper must awaken." -- Duke Leto Atreides
>
> _________________________________________________________________
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE*  
> http://join.msn.com/?page=features/junkmail
>
>
> --------------------------------------------------------------------------
-
> FastTrain has your solution for a great CISSP Boot Camp. The industry's 
most 
> recognized corporate security certification track, provides a 
comprehensive 
> prospectus based upon the core principle concepts of security. This ALL 
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on 
utilization 
> of pertinent security tools. For a limited time you can enter for a 
chance 
> to win one of the latest technological innovations, the SEGWAY HT. 
> Log onto http://www.securityfocus.com/FastTrain-security-basics 
> --------------------------------------------------------------------------
--
>

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------