Security Now 3

Hosts: Leo Laporte and Steve Gibson Topic: NAT Routers as Firewalls Published: September 1, 2005 Duration: 00:25:41 Transcript Previous episode – Next episode

Security Now: 003

Topic

• NAT routers act as a hardware firewall
  • Unsolicited packets are dropped at the border
  • Does not prevent outgoing connections
• The internet is crawling with worms and viruses
  • Steve calls this, the internet background radiation (IBR)
• A software firewall helps control outgoing traffic
• Universal Plug and Play on routers allows any computer behind the router to open holes in the router to allow for unsolicited to come in
  • This is used by peer-to-peer networks and instant messaging
  • Steve recommends that you turn this off to secure your router
  • Opening ports on your router may be necessary in some situations, but it is best if you open the ports manually
• You can run a DMZ to allow all traffic to a specific IP address on your network, for a game server
  • However, if that becomes infected, since it is on your networks, it can infect other machines on your networks
  • By using multiple NAT routers in series you can create network segments that will prevent the machine on the DMZ from infecting your other machines
• A NAT router is analogous to a one way valve in plumbing, allowing flow in only one direction, but blocking it in the other direction

What You Should Do to Secure Your Internet Connection

1. Have a NAT router
2. Run a software firewall
3. Turn off Universal Plug and Play on the router
4. Then reset the router
5. Change the default password for the router
6. Turn off WAN management on your router

External Links

• Steve's page on NAT routers [1]
• Show transcripts [2]
• Download this episode[3]
• Download 16kb version of this episode [4]

Production Information

This area is for use by TWiT staff only. Please do not add or edit any content within this section.

Previous Show - Next Show