do i need firewall software if using NAT?
Scooby Regular
Joined: Dec 2001
Posts: 291
Likes: 0
NAT will be fine for a small home office. Especially if you are using private non public routed ip address's.
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
http://www.ietf.org/rfc/rfc1918.txt?number=1918
However if you can afford a decent firewall [ Zone Alarm is good for dialup modem usage] I would get one. With a firewall you can kill icmp or ping replies and stop script kiddies sapping your bandwidth by port scanning your ip address.
You can even use the firewall to detect if your machine has spyware or a virus.
NAT is a good start, but get a firewall if you can.
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
http://www.ietf.org/rfc/rfc1918.txt?number=1918
However if you can afford a decent firewall [ Zone Alarm is good for dialup modem usage] I would get one. With a firewall you can kill icmp or ping replies and stop script kiddies sapping your bandwidth by port scanning your ip address.
You can even use the firewall to detect if your machine has spyware or a virus.
NAT is a good start, but get a firewall if you can.
Scooby Regular
Joined: Mar 2000
Posts: 225
Likes: 0
NAT (Network Address Translation) is exactly that. It translates addresses from non routable to routable ones. That is not security in any shape or form.
I run DSL at home and get scanned everyday.
I suggest a statefull Firewall.
SonicWall/NetScreen/Cisco/Sofaware/etc...main players in the soho
market.
Scooby Regular
Joined: Nov 2000
Posts: 2,021
Likes: 1
From: 412 Wheel HP Audi RS4
Suba
NAT is designed to help with the lack of IP addresses in IPV4 and not as a security protocol. Routers on the Internet are mean't not to forward the RFC 1918 networks but some do....
It would be trival to spoof a RFC1918 address...
Get a stateful firewall if you can afford it, if you can't get a Software 'Personal Firewall' (I use the term loosely).
Jeff
NAT is designed to help with the lack of IP addresses in IPV4 and not as a security protocol. Routers on the Internet are mean't not to forward the RFC 1918 networks but some do....
It would be trival to spoof a RFC1918 address...
Get a stateful firewall if you can afford it, if you can't get a Software 'Personal Firewall' (I use the term loosely).
Jeff
Trending Topics
![Retsyn [i-Dub]'s Avatar](data:image/svg+xml;utf8,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 50 50'><circle class='avatar-circle-default' fill='%23434e6e' cx='25px' cy='25px' r='20px'></circle><text class='avatar-text-default' x='49%' y='53%' fill='white' text-anchor='middle' alignment-baseline='middle'>R</text></svg>)
Scooby Newbie
Joined: Sep 2002
Posts: 3
Likes: 0
Make sure that whatever router you settle on it has the capability to utilize "stealth mode" which is to say that it won't even respond to port requests. Essentially if a script kiddie scans your IP he has to wait for it to time out. Macsense makes a nice 4 port 100base switching router. I have the MIH-130 X-Router. On the topic of a firewall. Yes, you still need to run firewall software on the computer itself. It's really the only way to know if a trojan has been installed on your system. Zonealarm is my weapon of choice too...
Thread
Thread Starter
Forum
Replies
Last Post
hardcoreimpreza
Computer & Technology Related
21
Oct 11, 2015 03:40 PM