
RE: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls



Context is important.  We are talking about home computers here.  IPSEC
and multiple servers aren't very relevant to most home computer users.
If someone has more than one computer on a home network, they probably
already have a NAT box to share the network connection.  The suggestion
here is that folks who are running only one computer should also get
a NAT box if they are connecting to the Internet via a cablemodem or DSL
connection.  NAT boxes have this nice characteristic that they act as a
firewall.

Richard

-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] 
Sent: Wednesday, August 13, 2003 10:18 PM
To: Richard M. Smith
Cc: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Microsoft urging users to buy Harware
Firewalls 


On Wed, 13 Aug 2003 20:04:47 EDT, "Richard M. Smith"
<rms@computerbytesman.com>  said:

> Windows directory from being accessed from the Internet.  My only
> question is why aren't NAT routers built into all cable and DSL
> modems.

Because NAT is *not* a be-all and end-all.  NAT *does* break things.

You can't easily do IPSec through a NAT (meaning you need to do some
tap-dancing if you want to VPN from one).

NAT breaks a lot of end-to-end stuff - for instance, if you have a NAT,
it's *REALLY* hard to have 2 different machines running servers on the
same port.

http://www.ietf.org/rfc/rfc3027.txt?number=3027 for all the gory details

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
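
Added example (not part of either message above): a toy Python model of a port-translating NAT table, showing the two behaviours discussed in the thread: unsolicited inbound traffic has no mapping and is dropped, and only one inside server can own a given public port. The class, the addresses and ports, and the per-peer filtering rule are constructed assumptions, not any real router's code.

```python
"""Toy model of a home NAPT box (constructed example, not a real router's code)."""
from dataclasses import dataclass, field

@dataclass
class Napt:
    public_ip: str
    next_port: int = 40000
    # (proto, public_port) -> (inside_ip, inside_port, remote peer or None for a forward)
    table: dict = field(default_factory=dict)

    def outbound(self, proto, src, dst):
        """Inside host opens a flow: allocate a public port and remember the peer."""
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(proto, pub_port)] = (*src, dst)
        return (self.public_ip, pub_port)

    def forward(self, proto, pub_port, inside):
        """Static port forward for an inside server; one owner per public port."""
        if (proto, pub_port) in self.table:
            raise ValueError(f"{proto}/{pub_port} is already mapped")
        self.table[(proto, pub_port)] = (*inside, None)

    def inbound(self, proto, src, pub_port):
        """Return the inside (ip, port) for a packet from outside, or None if dropped."""
        entry = self.table.get((proto, pub_port))
        if entry is None:
            return None  # no mapping: unsolicited traffic has nowhere to go
        inside_ip, inside_port, peer = entry
        if peer is not None and peer != src:
            return None  # assumed rule: a dynamic mapping only admits its own peer
        return (inside_ip, inside_port)

def demo():
    """Run the thread's cases on constructed documentation addresses."""
    nat, pc, web = Napt("203.0.113.10"), ("192.168.1.2", 51515), ("198.51.100.80", 80)
    out = {"unsolicited": nat.inbound("tcp", ("198.51.100.7", 51000), 445)}
    _, pub_port = nat.outbound("tcp", pc, web)
    out["reply"] = nat.inbound("tcp", web, pub_port)
    out["other_peer"] = nat.inbound("tcp", ("198.51.100.7", 80), pub_port)
    nat.forward("tcp", 80, ("192.168.1.2", 80))
    try:
        nat.forward("tcp", 80, ("192.168.1.3", 80))  # second server, same port
        out["second_server"] = "mapped"
    except ValueError:
        out["second_server"] = "conflict"
    return out

if __name__ == "__main__":
    print(demo())
```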