Date: Tue, 28 Mar 2000 13:08:50 -0800
From: "Brian O'Shea" <boshea@ricochet.net>
To: Kelly Yancey <kbyanc@posi.net>
Cc: "Brian O'Shea" <boshea@ricochet.net>, freebsd-net@FreeBSD.ORG
Subject: Re: Security of NAT "firewall" vs. packet filtering firewall.
Message-ID: <20000328130850.Z330@beastie.localdomain>
In-Reply-To: <Pine.BSF.4.05.10003281436440.3162-100000@kronos.networkrichmond.com>; from Kelly Yancey on Tue, Mar 28, 2000 at 02:40:29PM -0500
References: <20000328113534.W330@beastie.localdomain> <Pine.BSF.4.05.10003281436440.3162-100000@kronos.networkrichmond.com>

On Tue, Mar 28, 2000 at 02:40:29PM -0500, Kelly Yancey wrote:
>
> NAT will effectively protect the boxes on your network. It's the router
> you need to worry about (since it is the only box on the public Internet).
> You say you are only running SSH on it, so it sounds like you have locked
> that box down but good. Depending on how paranoid you are, you might still
> want to put packet filter rules just for protecting your router.
>
> Kelly
>

Thank you for your response. This is what I thought, although I should have clarified my question. I was wondering if there is any added security to having packet filtering rules on the router, in addition to NAT.

Since there are no services to exploit (ignoring sshd for the moment), what rules would I add? If there are no services running, then there is no need to block any ports. But are there other types of vulnerabilities that I should be worried about?

Thanks,
-brian

p.s. I have considered limiting access to the sshd port to only certain authorized networks, but this is only a minor obstacle at best (especially considering the networks to which I would have to grant access).

--
Brian O'Shea
boshea@ricochet.net