NAT and personal firewalls
I have a HomeRF 2.0 wireless access point setup connected directly to my ISP's cable modem. The base unit utilizes NAT and the vendor promotes it as firewall protection. I know NAT can be defeated and would like to know how to deploy a software firewall product like ZoneAlarm effectively.
I'm also concerned about NAT and it's security implications for my VPN connection to my office. Would NAT compromise my VPN connection and open my session up for potential attack?
Install ZoneAlarm on all of your end nodes first. Just go to the website and download the free version. What you really need to do to have a managed firewall solution would be to install the ZoneAlarm pro with Integrity to manage your personal firewall endpoints. Since Integrity is not going to be launched for about 30 days you could use the Sygate secure enterprise solution if you must have something today.
NAT won't compromise your VPN connection, in fact it will help to protect your network since it won't give hackers direct route access to your machines. It is not a fullproof solution, though (since you can piggyback on a connection via NAT if you know how to) but it is better than not using NAT at all. If you use this in conjunction with a managed personal firewall, then you should be OK.
This was first published in January 2002