Router/Firewall Recommendation

Steve steve at focb.co.nz
Fri Jun 25 10:58:57 UTC 2004


On Fri, 25 Jun 2004, Steve wrote:

> 
> Top posting just to annoy everyone.

Sorry, just sent that accidentally.. :-)

Just to add to this.

One thing to be especially careful of is that while a NAT connection may 
_seem_ secure, in reality it is NOT. There are a LOT of ways to get around 
NAT devices because they act as drop-in router boxes, and act as such.

What does this mean? Well, if you can craft a packet (damn crafty 
packets) and have it hit the internet-facing interface of the device then 
the box will, surprisingly enough, route the packet to the inside boxes that 
it knows about.

It is relatively trivial to find out the actual source IP of machines 
behind NAT devices, even more so if you connect to an ISP that allows some 
nifty ICMP type messages.

Relying on someone else for security is never an option, though the methods 
you employ to protect yourself are relative to the perceived security of the 
information you are trying to protect.

Drop-in appliances are an easy way out but are not the be-all and end-all 
of security (the NZADSL list has a LOT to say on that point).

People presume too much of NAT, and security is something that should be 
intrinsic to your design, not a plug-on addition.

Please, 'nuf of the insults - Otto, calling opinions sent here "bullshit" 
is not really a professional way of getting your point across (and yes, I 
have been guilty of worse). There are a number of extremely knowledgeable 
people here that offer their advice freely, please - let's not insult each 
other over a simple query.


-- 
Steve.

PS : I'm still sorta top posting !

> 
> 
> On Fri, 25 Jun 2004, Otto Haliburton wrote:
> > This is the final, my answer is not the only answer it is a logical answer
> > and that is your problem.  If you have more than one computer in a lan then
> > you are using a router or a hub.  So your network is bound by a hub, or a
> > router.  If you are using a hub, then you are using one of your computers as
> > a router.  So you are sitting here talking about a bunch of bullshit cause
> > you have to be hooked up with one of these things to have a lan.  If you
> > have a choice of whether to buy a router or a hub, then you have to make a
> > decision as to what your ISP is going to do.  A router allows multiple
> > computers to use a single ip address and since it does address translation
> > it allows you to acquire a firewall in the process.  You also get another
> > slight advantage and that is if your isp charges for extra ip address then
> > you don't have to pay cause you are only using one.  So while you are
> > talking that bullshit I am totally aware that you are using personally
> > either a router or a hub if you have more than one computer networked.  So
> > my solution is not the only solution it is the logical solution.  Why would
> > I waste a perfectly good computer to do routing when I could use the
> > computing power to do something else unless I have to.  I personally think
> > that you are out here trolling, cause if you have computers networked then
> > you are using one of these hardware devices.
> > 
> > 
> > 
> > 
> 
> 
> 
> 
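An added example, not part of the original post: on a Linux gateway, the point that NAT by itself does not filter can be checked by auditing `iptables-save` output for source NAT that has no restrictive FORWARD rules behind it. The two dumps, the interface names `eth0` (WAN) and `eth1` (LAN) and the `audit` helper are constructed for illustration, and the check is a heuristic rather than a full rule evaluator.

```python
# Constructed `iptables-save` dumps (not from the thread); eth0 = WAN, eth1 = LAN.
NAT_ONLY = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
"""
NAT_FILTERED = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def audit(dump, wan="eth0"):
    """Return findings for a box that does NAT but does not filter forwarding."""
    table, policy, rules = None, {}, []
    for line in dump.splitlines():
        tok = line.split()
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith(":"):
            policy[(table, tok[0][1:])] = tok[1]
        elif tok[:1] == ["-A"]:
            rules.append((table, tok))
    if not any(t == "nat" and {"MASQUERADE", "SNAT"} & set(r) for t, r in rules):
        return []  # no source NAT configured, nothing to compare
    fwd = [r for t, r in rules if t == "filter" and r[1] == "FORWARD"]
    findings = []
    # An unconditional trailing DROP/REJECT is equivalent to a DROP policy.
    catch_all = bool(fwd) and fwd[-1][2:] in (["-j", "DROP"], ["-j", "REJECT"])
    if policy.get(("filter", "FORWARD"), "ACCEPT") == "ACCEPT" and not catch_all:
        findings.append("FORWARD defaults to ACCEPT: NAT is the only barrier")
    for r in fwd:
        from_wan = "-i" in r and r[r.index("-i") + 1] == wan
        stateful = "--state" in r or "--ctstate" in r
        if from_wan and r[-1] == "ACCEPT" and not stateful:
            findings.append("unsolicited WAN traffic forwarded: " + " ".join(r))
    return findings

if __name__ == "__main__":
    for name, dump in (("NAT_ONLY", NAT_ONLY), ("NAT_FILTERED", NAT_FILTERED)):
        print(name, audit(dump) or "ok")
```

On a real gateway the input would be the saved output of `iptables-save`, with `wan` set to the actual external interface.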