Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- beginner question-routers
February 24, 2005, 12:27 am
rate this thread
from a website i was reading...
"The solution is to separate your Internet traffic from your LAN (file
sharing) traffic. To do this, a special networking device or software can
be placed between your computers and the Internet. In addition, attempts
by hackers to access your computers are stopped by a broadband router."
my 1st question is does the router automatically "out of the box" separate
the internet traffic from the LAN or do i need to configure it to do so?
the second sentence is referring to the firewall capability right?
if i dont activate the router firewall hackers could access the computer
even with a router (if i didnt have mcafee).
thanks very much
- Walter Roberson
February 24, 2005, 12:51 am
Re: beginner question-routers
:"The solution is to separate your Internet traffic from your LAN (file
:sharing) traffic. To do this, a special networking device or software can
:be placed between your computers and the Internet. In addition, attempts
:by hackers to access your computers are stopped by a broadband router."
:my 1st question is does the router automatically "out of the box" separate
:the internet traffic from the LAN or do i need to configure it to do so?
You would, at a minimum, need to configure the inside and outside IP
address range for the router. After that, *most* routers will, by default,
pass all traffic through between the inside and the outside and
vice versas, not stopping it at all.
:the second sentence is referring to the firewall capability right?
:if i dont activate the router firewall hackers could access the computer
:even with a router (if i didnt have mcafee).
That second sentance is just plain wrong. Broadband routers do not
stop anyone from accessing anything. If you have a cable modem, then
traffic -content- between the ISP and you might travel encrypted
[but the IP layer would normally be unencrypted for cable], and in
that case the cable modem is supposed to prevent others from being able
to usefully sniff the content of your traffic.... but anyone on your
block would still be able to look at the IPs and figure out where
you are connecting to.
What the sentance -might- be referring to is that most consumer
broadband devices use NAT (Network Address Translation). There is
a common belief that if you have NAT then your network is safe.
It doesn't work that way, though: if you have NAT but do not have a
"stateful packet inspection" firewall then depending on the implimentation
and configuration, it might range from providing no protection at all
to providing access only to systems you are already connected to
[keep in mind that if you are running filesharing software or Skype
that you are connecting to hundreds or thousands of machines that
you don't realize you are connecting to!]
NAT by itself is not a particularily strong security layer.
It can cut down the noise a fair bit, but still leaves you open
for anyone who takes a bit more time to target you.
If you want information on why some people think that NAT is a very
poor idea, then I suggest checking out postings by Melinda Shore.
Warhol's Law: every Usenet user is entitled to his or her very own
fifteen minutes of flame -- The Squoire
Re: beginner question-routers
Now I know one of the sources for this belief. I was looking at an
article in the Sept. 2002 issue of Tech Edge magazine. 'Internet
Security Ouside and In' by David Pellot :
'Routers use NAT to make sure each computer...gets the data is
'There are two types of routers available: hardware routers and
software routers. They both work using the same methods, so choosing
one is a matter of personal preference...'
'Microsoft has included a software-based router, called Internet
Connection Sharing, as part of Windows...'
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — The site's Newest Thread. Posted in » Secure Shell Forum