Adding a Second NAT Router

     - Saturday, September 03, 2005

As many readers of Complex Distress already know, networking security is a favorite topic of mine. The idea of being completely firewalled from the internet is just plain good sense. But of course being completely firewalled is not a possibility when you're running a web, mail, and FTP server inside your network. After all, when you run any service on your network, the point is to let outside users make requests.

So when I started bringing those services into my network, I had to open holes through my firewall so that the traffic could be routed to the appropriate machine. Since my personal machine is locked up tight (i.e., no filesharing allowed), I'm not too concerned about a security risk with this setup.

But with the webserver running on my internal network, there's always the possibility that it could be compromised, and in turn used to attack the rest of my network.

To completely eliminate that possibility, I've added an additional router to my network. The first router allows access to the internet. Only the webserver and the second router are connected to it. The rest of the machines in my network are now connected to the second router. This second router provides an extra layer of protection both from the internet and the partially exposed webserver.
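The two-router layout described above, modelled as an added example that is not part of the original post. The addresses, class and function names are constructed for illustration, and the model assumes each router allows outbound traffic and drops any new WAN-side connection that has no port forward.

```python
from ipaddress import ip_address, ip_network

class NatRouter:
    """Consumer NAT router: outbound is allowed, unsolicited inbound needs a port forward."""
    def __init__(self, wan_ip, lan, forwards=None):
        self.wan_ip = ip_address(wan_ip)
        self.lan = ip_network(lan)
        self.forwards = forwards or {}        # WAN port -> LAN host

    def forward(self, port):
        """LAN host that a new WAN-side connection to `port` is sent to, or None (dropped)."""
        target = self.forwards.get(port)
        return ip_address(target) if target else None

def depth(routers, ip):
    """How many of the NAT routers (listed from the internet inward) sit in front of ip."""
    return max((i + 1 for i, r in enumerate(routers) if ip in r.lan), default=0)

def can_connect(routers, src, dst, port):
    """True if src can open a NEW connection to dst:port in this simplified model."""
    src, dst = ip_address(src), ip_address(dst)
    here = depth(routers, src)
    # Each router further in than the source only passes what it explicitly forwards.
    while here < len(routers) and dst == routers[here].wan_ip:
        dst = routers[here].forward(port)
        if dst is None:
            return False
        here += 1
    return depth(routers, dst) <= here

# Constructed addresses (RFC 5737 / RFC 1918), not taken from the post.
WEB, PC, OUTSIDE = "192.168.1.10", "192.168.2.20", "203.0.113.50"
SINGLE = [NatRouter("198.51.100.10", "192.168.1.0/24", {80: WEB})]
DOUBLE = SINGLE + [NatRouter("192.168.1.2", "192.168.2.0/24")]   # second router, no forwards

if __name__ == "__main__":
    print("one router, web -> PC on same LAN: ", can_connect(SINGLE, WEB, "192.168.1.20", 445))
    print("two routers, web -> PC:            ", can_connect(DOUBLE, WEB, PC, 445))
    print("two routers, web -> inner WAN side:", can_connect(DOUBLE, WEB, "192.168.1.2", 445))
    print("two routers, PC -> web:            ", can_connect(DOUBLE, PC, WEB, 80))
    print("two routers, internet -> web:80:   ", can_connect(DOUBLE, OUTSIDE, "198.51.100.10", 80))
```

In this model the inner machines can still open connections to the webserver and the internet, while nothing on the outer segment can open one to them.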

This post wouldn't be complete if I didn't give a nod to Steve Gibson. Steve's site at GRC.com and his recent Security Now podcast gave me the extra push to go forward with setting this up.

NAT Router Security Solutions at GRC.com
