16 Comments
- Theta, on 10/12/2007, -0/+1 This was quite painful to listen to... The idea of NAT doing the job of a firewall is laughable! Please, please, please if you're only using NAT for security in a place where security is important; be aware that there is no proactive protection being provided.
The only way NAT can protect a private network is if an incoming connection can't be matched to an internal IP. Finding an active machine on a private network isn't hard if you're using source routing (Google it).
Most home/SOHO routers use default private IP ranges, and it's not hard to find out the default DHCP pools (online manuals). So all anyone has to do to bypass NAT and route traffic to an internal network is specify the next hop immediately after the public IP (assigned to the router).
Routers route, that's all they're supposed to do! Firewalls are filters that can explicitly block or drop incoming connections based on pre-defined rules (this is where the security is). Personal software firewalls ARE STILL IMPORTANT as a second line of defence!
These days, a lot of routers do actually have packet filtering firewall software built in (it should be specifically mentioned in the manual), but the default configuration would most likely have to be customised to be effective for anything other than worm traffic.
@runelind
"There is _no such thing as a hardware firewall_. It is all done in software."
'Hardware firewall' just implies that there is dedicated hardware configured with firewall software and nothing else. If it's an appliance firewall, then it would most likely be using a customised hardened operating system.
- ktholliday, on 10/12/2007, -0/+0 got the ep. i very good podcast, I am basically getting TwiT, diggnation, and Security Now i all the time, it's great
- doofus, on 10/12/2007, -0/+0 I think in order to spice up this show we can perhaps have some babes in bikinis in the background?
- LazyBoy, on 10/12/2007, -0/+0 I can't wait for the leo+dvorak podcast!!
- Zerocool82, on 10/12/2007, -0/+0 I liked their last ep. I think this will be good too.
- headzoo, on 10/12/2007, -0/+0 Sweet...
- furiouszebra, on 10/12/2007, -0/+0 I don't have that problem.
- geoboy, on 10/12/2007, -0/+0 I thought the game server with multiple NAT routers was an informative trick.
- geoboy, on 10/12/2007, -0/+0 If it's anything like last week's episode...
Steve: Honeymonkey!
Leo: LOL!!!
- gonffen, on 10/12/2007, -0/+0 Sadly at almost 9 minutes it just dies mid-sentence...
-gonffen
- mercury81, on 10/12/2007, -0/+0 I hope this isn't another episode where Steve gives advice while Leo whines about Microsoft (gotta keep that geek street cred up huh Leo?).
- LtData, on 10/12/2007, -0/+0 The XPSP2 firewall blocking outbound traffic is a freaking joke. It kinda does, but not to the level of a third-party software firewall.
- Ssullivan, on 10/12/2007, -0/+0 good episode
- gexen, on 10/12/2007, -0/+0 I thought this was a fairly boring episode. Steve knows his stuff, but this episode was just boring.
- runelind, on 10/12/2007, -1/+0 It is too bad that this show could be called "security for dummies". There is _no such thing as a hardware firewall_. It is all done in software. Also, as far as I know, XPSP2 firewall blocks outbound traffic Mr. Gibson
- LazyBoy, on 10/12/2007, -2/+0 oh and yes ban that guy I can't believe the clicked on the harry potter link waste of my time, I prolly would have just wasted it anyways ... but I'm still pissed!!

