Network Security

By m.brown
Which is the most secure method of connecting a LAN to the Internet? An ADSL router with built-in firewall and NAT, or a multifunctional server which is connected to the LAN with built-in firewall and NAT functionality?

How secure would the LAN be if NAT was turned off on the router and traffic was routed to the multifunctional server to perform NAT and firewall activities?

7 total posts (Page 1 of 1)  

Network Security

by sgt_shultz In reply to Network Security

Insufficient data. What is a 'built-in' firewall?
Here are some thoughts:
1) Put resources exposed to the Internet in a DMZ.
2) Harden OSes. Have good antivirus. Have all service packs/security patches promptly applied.
3) There is debate on whether 'layers' like NAT plus firewall bolster security. I say, why not have both? I would not turn off NAT. I would not expose 'multi-functional' server to internet behind NAT and firewall and then to my LAN. Use DMZ.
I would install tripwire/intrusion detection software.
I would attempt to hack into my own system, from outside the LAN.
I would visit www.cert.org and buy 'hacking revealed'.

Network Security

by Some Guy in Seattle In reply to Network Security

It's arguable both ways. The most popular firewall in the world right now is the Check Point firewall, which is nothing more than a specialized application (firewall) installed on a multipurpose server (Windows, Solaris, Linux, or Nokia IPSO [BSD variant]).

Appliance manufacturers usually tout that simplicity, ease of deployment, speed, and specialized code make for a more secure firewall. That's arguable too, since all of that requires as much engineering as a software firewall application. It's just as easy to build a badly designed appliance as it is to build a well-designed software firewall app.

Provided you keep up with the firewall vendor's and OS vendor's patches, there aren't any substantial risks for one over the other.
My suggestion is to review (and demo, if possible) a few solutions and decide which one offers what you need and what you feel comfortable with. It is more important to feel confident in the deployment, maintenance, and review of a security device. It is worse to buy a product and not be sure that it is doing what you want it to do because you don't know what to look for.

Network Security

by feathersmcgraw In reply to Network Security

The most secure method with respect to connecting a LAN to the internet is to have a box that is solely committed to being a firewall. There are many server OSs that claim to have built-in functionality, but the main point is: what is a server's primary function? It is to hold data and serve up applications to the end users. Think of it this way: you have a car that has a trunk that could carry a load of stone if you want to remodel your house. But doesn't a truck, which was designed to do that specific task, make more sense?

My suggestion...buy a firewall box. But as the first response said "insufficient data". What are your requirements?
