beginner question-routers

beginner question-routers
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
beginner question-routers peon1000002 02-23-2005
Posted by peon1000002 on February 23, 2005, 7:27 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
hi-

from a website i was reading...

"The solution is to separate your Internet traffic from your LAN (file
sharing) traffic. To do this, a special networking device or software can
be placed between your computers and the Internet. In addition, attempts
by hackers to access your computers are stopped by a broadband router."

my 1st question is does the router automatically "out of the box" separate
the internet traffic from the LAN or do i need to configure it to do so?

the second sentence is referring to the firewall capability right?
if i dont activate the router firewall hackers could access the computer
even with a router (if i didnt have mcafee).

thanks very much
jim


Posted by Walter Roberson on February 23, 2005, 7:51 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
:from a website i was reading...

:"The solution is to separate your Internet traffic from your LAN (file
:sharing) traffic. To do this, a special networking device or software can
:be placed between your computers and the Internet. In addition, attempts
:by hackers to access your computers are stopped by a broadband router."

:my 1st question is does the router automatically "out of the box" separate
:the internet traffic from the LAN or do i need to configure it to do so?

You would, at a minimum, need to configure the inside and outside IP
address range for the router. After that, *most* routers will, by default,
pass all traffic through between the inside and the outside and
vice versas, not stopping it at all.

:the second sentence is referring to the firewall capability right?
:if i dont activate the router firewall hackers could access the computer
:even with a router (if i didnt have mcafee).

That second sentance is just plain wrong. Broadband routers do not
stop anyone from accessing anything. If you have a cable modem, then
traffic -content- between the ISP and you might travel encrypted
[but the IP layer would normally be unencrypted for cable], and in
that case the cable modem is supposed to prevent others from being able
to usefully sniff the content of your traffic.... but anyone on your
block would still be able to look at the IPs and figure out where
you are connecting to.

What the sentance -might- be referring to is that most consumer
broadband devices use NAT (Network Address Translation). There is
a common belief that if you have NAT then your network is safe.
It doesn't work that way, though: if you have NAT but do not have a
"stateful packet inspection" firewall then depending on the implimentation
and configuration, it might range from providing no protection at all
to providing access only to systems you are already connected to
[keep in mind that if you are running filesharing software or Skype
that you are connecting to hundreds or thousands of machines that
you don't realize you are connecting to!]

NAT by itself is not a particularily strong security layer.
It can cut down the noise a fair bit, but still leaves you open
for anyone who takes a bit more time to target you.

If you want information on why some people think that NAT is a very
poor idea, then I suggest checking out postings by Melinda Shore.

--
Warhol's Law: every Usenet user is entitled to his or her very own
fifteen minutes of flame -- The Squoire




The site map in XML format XML site map

Contact Us | Privacy Policy