Firewall Wizards mailing list archives

RE: Home Environment Cisco


From: Paul Robertson <proberts () patriot net>
Date: Fri, 6 Jun 2003 16:18:53 -0400 (EDT)

On 5 Jun 2003, Florin Andrei wrote:

> Hmmm... All that in a firewall for a _home_environment_?

Yep, Identity Fraud is probably the #1 crime, and lots of homes contain
PCs with sensitive work data, if not VPN clients.

> I actually have an opposite complaint about nmap: if the firewall drops
> UDP packets, nmap marks those ports as being "open".
> I can see the reasons why this behaviour was chosen, yet I'd like a CLI
> switch to tell nmap "just say NO RESPONSE in that case, don't mark the
> ports as being open."
> But that's offtopic...

But worth a retort-  Fyodor not only gave you NMAP, he gave you the
*source* to NMAP.

It's a shame when you've got all the pieces, and you're sitting at the
table waiting for someone else to put your puzzle together for you.

> Sure, but different environments have different requirements.
> Staying within the domain targeted by the original message (firewalls
> for home environments), I'll say NAT does a great job: simple, takes out
> a lot of problems (yet not all, as you pointed out), not too intrusive.
> And did I mention it's simple? :-) The perfect one-stop-shop.

Except it's not perfect- witness the worm and virus explosions from home 
networks.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

