| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308300453.h7U4rPXW026116@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Lets discuss, Firewalls... On Fri, 29 Aug 2003 22:33:06 CDT, "Mike @ Suzzal.net" <mike@...zal.net> said: > I can surf the web from the box so it is fine. > Can you get to it? How? http://www.microsoft.com/technet/security/bulletin/MS03-032.asp You got IE or Outlook on that box? (And no, you can't whine "that's not fair, that's not what I asked" - remember that the bad guys aren't going to play fair either). Incidentally, the *entire* security benefit of NAT is that it usually *accidentally* acts as a firewall due to its design (the "no 1 to 1 NATing"). It won't usually forward packets for a port it doesn't know about - which basically means it's acting as a firewall with a default deny policy. And yes, you need a firewall as well - if only to protect yourself from screw-ups like accidentally enabling 1-to-1 NAT (or if some 1337 haxor finds a way to enable it from the outside interface). Security in depth. Belt AND suspenders. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030830/e8d5033d/attachment.bin
Powered by blists - more mailing lists