[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <ukm6f.1065$Sx4.399@newsfe3-gui.ntli.net> on Sat, 22 Oct 2005 08:00:26 GMT,
"__spc__" <spamtime@ntlworld.com> wrote:

>If your PC connects directly to the modem (i,e, there is no router
>involved), you must makes sure that you have a firewall in place, at the
>very least, Microsoft XP's own one if you are using XP. ZoneAlarm do an
>excellent free on which I have found reliable as heck for 2 years.
>
>If you have a router, then don't worry about this, as the router has inbuilt
>firewall capabilities, and will assign IPs to the PCs on your network -
>these IPs are hidden from the WAN (internet) side of the router. It is
>still a good idea to run firewall software on each machine as this will stop
>malware software 'calling home'; this being software that you will have
>(accidentally) let through your router.

It can also be a good idea because the protection afforded by the router
varies considerably from product to product. What you described is just
NAT/PAT (address translation), and although that does provide some measure of
protection, it's not as good as true SPI (stateful packet inspection) firewall
in the router. Some routers just have NAT/PAT; better ones have an SPI
firewall.

Also note that if you use a "DMZ" feature in the router (a horrid misuse of
the term "DMZ" IMHO), then you've probably eviscerated *all* router
protection. The so-called DMZ feature on most low-end routers is (a) not
really a DMZ at all and (b) a big security risk to the entire LAN. A true DMZ
isolates a separate public server from the LAN so that compromise of the
server doesn't put the LAN at risk.

--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>