Full Disclosure mailing list archives
Re: Lets discuss, Firewalls...
From: Valdis.Kletnieks () vt edu
Date: Sat, 30 Aug 2003 00:53:25 -0400
On Fri, 29 Aug 2003 22:33:06 CDT, "Mike @ Suzzal.net" <mike () suzzal net> said:
I can surf the web from the box so it is fine.
Can you get to it? How?
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp You got IE or Outlook on that box? (And no, you can't whine "that's not fair, that's not what I asked" - remember that the bad guys aren't going to play fair either). Incidentally, the *entire* security benefit of NAT is that it usually *accidentally* acts as a firewall due to its design (the "no 1 to 1 NATing"). It won't usually forward packets for a port it doesn't know about - which basically means it's acting as a firewall with a default deny policy. And yes, you need a firewall as well - if only to protect yourself from screw-ups like accidentally enabling 1-to-1 NAT (or if some 1337 haxor finds a way to enable it from the outside interface). Security in depth. Belt AND suspenders.
Attachment:
_bin
Description:
Current thread:
- Lets discuss, Firewalls... Mike @ Suzzal.net (Aug 29)
- Re: (SPAM?) Lets discuss, Firewalls... Jim Race (Aug 29)
- Re: (SPAM?) Lets discuss, Firewalls... Manfred Schmitt (Aug 30)
- Re: Lets discuss, Firewalls... Michael Scheidell (Aug 30)
- Re: Lets discuss, Firewalls... Ben Nelson (Aug 30)
- Re: Lets discuss, Firewalls... Valdis . Kletnieks (Aug 31)
- Re: (SPAM?) Lets discuss, Firewalls... Jim Race (Aug 29)