
Any simple NAT (PNAT, to be correct) box decreases the chance of infection by the latest worms to 0. Just 0.0000%. Of course, it does not protect very well from intentional attacks, and does not protect against e-mail bombs and JavaScript exploits. In reality, having WIN2K behind a NAT box, connected to the internet 100% of the time, is safer than having Windows with all patches installed every day, directly connected. The reason is simple:
- when the system after Win2K does not initiate internet connections, it is 100% safe;
- when such a system initiates internet connections, it exposes only client-side ports and is not vulnerable to any scans etc.

So, I agree - a NAT box is the very first _mandatory_ thing at home; all others (firewall etc.) are not necessary for most households at all (but antiviruses are, if you have e-mail or use the web).
On Wed, 5 May 2004 Michael.Dillon@radianz.com wrote:
(To deflect the inevitable "NAT is not a firewall" complaints, the box is a stateful inspection firewall -- as all NAT boxes actually are).
Hmmm, are you saying that the solution to many so-called Internet security vulnerabilities is for people to use an SI Firewall, aka Simple, Inexpensive Firewall, aka Stateful Inspection Firewall?
It's not a real solution, it just goes a long way to reduce the number of infections and how quickly some worms can spread (although NAT would have no effect on the spread of viruses by email, so the human factor is the primary problem).
One wonders why the DSL/cable router manufacturers haven't caught on to this idea before now.
It's not the manufacturers who did not catch up (in fact they did, and offer very inexpensive personal DSL routers going all the way to the $20 range), it's the DSL providers who still offer a free DSL modem (a device at least twice more expensive than a router) and a free network card and complex instructions on how to set this all up on each different type of PC. No clue at all that it would be only very marginally more expensive for them to integrate the features of such a small NAT router into the DSL modem, and instead of offering PPPoverEthernet it could just offer NAT and DHCP and make it so much simpler for many of those lusers with only light computer skills to set this all up.
-- William Leibzon Elan Networks william@elan.net
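
Added example, not part of the original thread: a minimal model of the PNAT behaviour the messages above describe, where inbound packets are forwarded only when they match a mapping created by an inside host's own outbound connection. The class name, addresses and ports are constructed, and the strict address-and-port matching is an assumption (real boxes differ in how tightly they match).

```python
# Added illustration: a minimal model of a port-translating NAT (PNAT) box.
# All addresses, ports and names below are constructed for the example.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"   # constructed: the NAT box's single public address

@dataclass
class Pnat:
    next_port: int = 40000
    # (proto, inside_ip, inside_port, remote_ip, remote_port) -> public_port
    out_map: dict = field(default_factory=dict)
    # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
    in_map: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: create (or reuse) a mapping."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            pub = self.next_port
            self.next_port += 1
            self.out_map[key] = pub
            self.in_map[(proto, pub, dst_ip, dst_port)] = (src_ip, src_port)
        return (PUBLIC_IP, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet arriving at the public address: forward only if state matches."""
        return self.in_map.get((proto, dst_port, src_ip, src_port))  # None = dropped

def demo():
    nat = Pnat()
    results = {}
    # Unsolicited probe of a service port: no inside host asked for it.
    results["scan_445"] = nat.inbound("tcp", "198.51.100.7", 31337, 445)
    # Inside Win2K host fetches a web page.
    _, pub_port, _, _ = nat.outbound("tcp", "192.168.1.10", 1025, "192.0.2.80", 80)
    # The web server's reply matches the mapping and is forwarded inside.
    results["reply"] = nat.inbound("tcp", "192.0.2.80", 80, pub_port)
    # A third party aiming at the same public port does not match: dropped.
    results["third_party"] = nat.inbound("tcp", "198.51.100.7", 80, pub_port)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} -> {verdict or 'DROPPED'}")
```

The forwarded reply carries whatever the remote server sent, which is why the thread excludes e-mail and web content from what the NAT box protects against.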