Jeff Duntemann's Drive-By Wi-Fi Guide
Because of the protection it provides to a network, NAT is sometimes called a 'NAT firewall.' The generic term firewall refers to any system that controls what sorts of connections are made from one network (like the global Internet) to another network. NAT is certainly a firewall, and a good one, but it is not nearly as sophisticated as many firewall products.
One limitation of NAT is that it's almost entirely outward-looking. It controls what sorts of connections come into your network from outside, but it does little to monitor what connects to the outside world from inside your network. If you install a piece of software that includes the ability to access the Internet, NAT won't quibble with it and will just let it play through, assuming that everybody inside the network is legitimate.
This isn't always true, alas. Some software applications contain 'spyware,' which is software that covertly 'phones home' with information gleaned from inside your network. Similarly, some virus and Trojan horse programs can hijack your computer for various purposes (more on this in Part 3, which focuses on security issues) and NAT can do little or nothing to prevent them.
So even if you have NAT running inside your router or gateway, having a separate firewall program is a very good idea. Firewalls on home networks have not been popular until recently, because configuring a firewall is a very tricky business, and if you misunderstand something and do it badly, you can blow holes in your own defenses and allow hackers to get into your network. Until you get a very good handle on network operation, I don't recommend manually configuring a firewall. Excellent books have been written on general Internet security and firewalls, and I refer you there to learn more.
However, most recent firewalls are configured a different way. They 'learn' what's permitted and what isn't, and you teach them, based on how you use your computer. The best example (and the one I recommend) is Zone Labs' Zone Alarm Pro. It works like this: When you install Zone Alarm, by default it permits nothing to connect to your computer, neither from the outside world of the Internet, nor from inside your network on your own computer. Each time you run a program that needs to access the Internet, Zone Alarm asks permission by popping up a dialog (see Figure 3.8). If you grant permission, Zone Alarm allows the program in question to 'play through.' If you don't grant permission, the access is blocked.
The first day you use it, you'll see a lot of dialogs popping up to ask permission. But very quickly, all your customary programs will have received permission, and if anything weird ever asks to go out on the Net from your computer, Zone Alarm will report it, and you will be able to decide whether to permit it or not.
For more on Zone Alarm Pro, see the Zone Labs Web site:
http://www.zonelabs.com/store/content/home.jsp
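The contrast described above, as an added example that is not from the book or from Zone Labs: a toy Python model in which NAT forwards any outbound connection and drops unsolicited inbound ones, while a default-deny, per-program policy asks once per program and remembers the answer. The class names, program names and addresses are constructed for illustration and say nothing about how Zone Alarm is implemented.

```python
# Toy model (constructed for illustration): a NAT flow table next to a
# default-deny, per-program outbound policy of the "learning" kind.

class Nat:
    """Remembers flows opened from inside; unsolicited inbound is dropped."""
    def __init__(self):
        self.flows = set()            # (remote_ip, remote_port) opened from inside

    def outbound(self, remote):
        self.flows.add(remote)        # NAT never asks which program opened the flow
        return "forwarded"

    def inbound(self, remote):
        return "forwarded" if remote in self.flows else "dropped"


class LearningFirewall:
    """Default deny; each program is decided once, then remembered."""
    def __init__(self, ask):
        self.ask = ask                # callback standing in for the pop-up dialog
        self.rules = {}               # program name -> True (allow) / False (block)
        self.prompts = []             # programs the user was actually asked about

    def outbound(self, program):
        if program not in self.rules:             # first sighting: ask the user
            self.prompts.append(program)
            self.rules[program] = bool(self.ask(program))
        return "allowed" if self.rules[program] else "blocked"


def simulate():
    nat = Nat()
    user_trusts = {"browser.exe", "mail.exe"}     # constructed sample answers
    fw = LearningFirewall(ask=lambda prog: prog in user_trusts)
    attempts = [("browser.exe", ("203.0.113.10", 80)),
                ("updater-helper.exe", ("198.51.100.7", 443)),  # unexpected program
                ("browser.exe", ("203.0.113.10", 80))]
    log = []
    for program, remote in attempts:
        verdict = fw.outbound(program)
        if verdict == "allowed":                  # only permitted traffic reaches NAT
            nat.outbound(remote)
        log.append((program, verdict))
    return nat, fw, log


if __name__ == "__main__":
    nat, fw, log = simulate()
    print(log, fw.prompts, nat.inbound(("192.0.2.55", 4444)))
```

Calling `Nat().outbound(...)` directly for the unexpected program returns "forwarded", which is the gap the per-program policy closes.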