Okay, first of all, ZoneAlarm isn't overkill... it's more likely to be underkill, except for the aforementioned aspect that software firewalls can help prevent the phoning home issues with bots and various trojans.
As for NAT, NAT is NOT a security solution, nor was it ever intended to be. NAT is for putting many private IP addresses behind a single public IP address. This inherently offers SOME security against basic attacks, but it is NOT a security solution (just in case you missed it the first time). Most broadband routers, however, offer firewall features as well (or real routing features) such as access-control lists (ACLs), port mapping, DMZ access and logging. Those ARE security features. Also, if you are using a wireless router, be sure to:
a) Disable SSID broadcast.
b) Use at least 128-bit WEP (though it's still very weak to basic cracks) or WPA.
c) Change the admin username and password.
d) For home usage, use MAC filtering to allow only known computers to attach.
e) Use fixed DHCP to assign addresses. Combined with 'd' it's just an added layer of security to prevent people from using your internet illegally and/or browsing your internal network.
Also, regardless of hardware OR software firewalls, always keep your operating system patched and any application running as a service.
Lastly, in case it wasn't covered somewhere above, NAT does not broadcast outside to all inside. Actually, it should NEVER do that, since broadcast would fail to cross the bridge and multicast should be started inside.
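
As an added illustration that is not part of the original post: a toy model of a port-translating NAT, showing that the address table drops unsolicited inbound traffic yet forwards replies to a trojan that phones home, which only an outbound filtering rule stops. All addresses, ports and names are constructed, and the port-restricted matching is an assumption about how the NAT behaves.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    """Toy NAPT table plus an optional outbound ACL (hypothetical model)."""
    table: dict = field(default_factory=dict)        # public port -> (inside ip, inside port, remote)
    egress_deny: set = field(default_factory=set)    # firewall rule: (remote ip, remote port)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host connects out; returns the public port, or None if the ACL denies it."""
        if (dst_ip, dst_port) in self.egress_deny:
            return None                               # firewall feature, not NAT
        pub = self.next_port
        self.next_port += 1
        self.table[pub] = (src_ip, src_port, (dst_ip, dst_port))
        return pub

    def inbound(self, remote_ip, remote_port, pub_port):
        """Packet hits the public address; returns the inside (ip, port) or None if dropped."""
        entry = self.table.get(pub_port)
        if entry is None:
            return None                               # no mapping, nowhere to forward
        ip, port, remote = entry
        # Assumption: port-restricted NAT, replies must come from the contacted remote.
        return (ip, port) if remote == (remote_ip, remote_port) else None

def demo():
    remote = ("198.51.100.7", 443)                   # constructed outside host
    inside = ("192.168.1.20", 51000)                 # constructed inside host
    nat_only = Router()
    results = {"unsolicited": nat_only.inbound(*remote, 40000)}
    # An infected inside host phones home: NAT builds the mapping for it.
    pub = nat_only.outbound(*inside, *remote)
    results["reply_after_phone_home"] = nat_only.inbound(*remote, pub)
    results["other_host_same_port"] = nat_only.inbound("198.51.100.99", 443, pub)
    # Same router with an outbound deny rule: the connection never leaves.
    filtered = Router(egress_deny={remote})
    results["with_egress_rule"] = filtered.outbound(*inside, *remote)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```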