Hi,
I am a network consultant. I have some small businesses that do not
believe they need a firewall. They believe their PAT router is enough
security. Is their a DEMO I can do to show these people that they
DO need a firewall? I would like to give them some sort of demo so
they will agree with me on the need of a firewall. I don't want to do
anything harmfull but I do want to show them they are at a risk and
with the firewall installed the risk is gone or severely limited.
thanks. |
Request for Question Clarification by
joseleon-ga
on
12 Sep 2003 04:09 PDT
Hello,
I can point you to some tools that will give you a lot information
about possible vulnerabilities on their systems, would you be
interested in such kind of tools?
Regards.
|
Request for Question Clarification by
maniac-ga
on
12 Sep 2003 05:11 PDT
Hello Npriority,
Hmm. If I was in your shoes and trying to sell into small businesses,
I would walk away from companies that already have a NAT / PAT router
because I consider that a pretty capable solution. Can we revise the
question slightly to get you an answer more focused on making a tough
sale?
To help provide an accurate answer, it would be helpful to find out
what you are considering the differences between the
proposed firewall
and the
existing NAT/PAT - Network Address Translation / Port Address
Translation router
I know there will be differences on a case by case basis, but some
general concepts or perhaps a listing of vendor / model numbers would
help us research the differences and identify the benefits to the
small business customers.
To elaborate slightly, the latter is what a lot of small office / home
users have installed and when properly configured only allow local
machines to initiate connections (or allow external connections to
specific ports on specific local machines). What beyond that do you
consider necessary with today's situation on the internet?
Based on that kind of information, we can help identify the benefits
of the expanded capability / more properly demonstrate how the bad
guys can cause problems (without doing harmful actions). That answer
may be more valuable to you than the answer to your original question.
--Maniac
|
Request for Question Clarification by
webadept-ga
on
12 Sep 2003 10:53 PDT
Hi,
I agree with maniac-ga, we might fnd something on a specific router,
but PAT is pretty secure when you put in on a Small Business. You are
looking at a real "hassle factor" here. Anyone capable of doing
anything "bad" wouldn't be interested in the target. In order to get
by a PAT you have to 1) know the internal network setup, sub
addresses, IP schema, etc. After you know that, then 2) you have to
alter the IP header enough to let the system think you are inside. You
can't know 1 without 2 and 2 is usless without 1. Script kiddies don't
find much meat here and serious crackers aren't interested. Real
Hackers have been there, done that, and moved on.
Tough sell that.. I would love to help you but.. good luck to you.
webadept-ga
|
Request for Question Clarification by
maniac-ga
on
22 Sep 2003 16:02 PDT
Hello Npriority,
Are you still looking for an answer? If so, please provide the
differences between the proposed firewall and a typical PAT so we can
suggest methods to demonstrate what you are asking for. If not, I
suggest you close the question so you won't get charged.
--Maniac
|
