Firewall/router

Jonathan Hutchins hutchins at opus1.com
Tue Nov 6 23:53:56 CST 2001


> -----Original Message-----
> From: Glenn Crocker [mailto:glenn at netmud.com]

> NAT doesn't add the kind of security a firewall does.  Yeah,
> it's nice, but it's like using the "rhythm method" of birth control.
> Maybe it'll work, probably it won't.

I can see that I'm making assumptions about how I've done things, and not
stating clearly what I've done.

I think what I meant was that the additional obscuration of NAT with a
non-routable address, when added to a properly secure firewall, can if both
the intranet and the firewall are configured correctly, make explicit
blocking of ports redundant.  Which is not to say bad, or completely
unnecessary, just redundant.

I run a reasonable set of firewall rules on my router, I have a limited and
carefully considered set of services running on it, each of which has some
provision for restricting access, and the services that are allowed to run
inside the firewall are limited and reasonably secure.

I actually know of a couple of potential holes in the system, but they're
holes that are at least obscured and partially covered, just not concreted
over and locked down.

One of my advantages is that the intranet users are either knowledgeable but
trustworthy (me) or less knowledgeable but extremely cautious.  I've been
hacked, but it was because I essentially left a door open out of laziness.

Which reminds me, my garage door is open, I must go close it.




More information about the Kclug mailing list