IT-Expert on Call

(613) 828-6611

Experience has no substitute
Inexperience carries significant cost and risk

Threat Intelligence at Work 24/7 365

Why a Firewall and what about NAT?

Who is in CONTROL of your Local Area Network [LAN]?

A firewall works as a barrier, or a shield, between your computer network and the internet

Your ISP-provided device, called a Gateway/modem/ONT, functions as a Wi-Fi NAT Router. It creates a Local Area Network [LAN], which enables your devices to access the internet. Network Address Translation [NAT] is the process of modifying the IP information in IP packet headers so that the packets can be routed to the required destination. It is used in home routers [such as the typical Wi-Fi router] to allow a number of devices [such as desktop computers, laptops, gaming consoles, mobile phones, and internet-enabled televisions], each with their own network address, to connect to the internet using the one external IP you are assigned by your Internet Service Provider.

The communication chain using your ISP provided Gateway

Devices connected to LAN <<==> ispGateway[NAT] <<==> ISP <<==> Internet

Because IP packets that are not recognized are discarded, the NAT process acts like a simple but effective firewall, blocking incoming traffic unless it is in response to previously sent outgoing traffic i.e. blocking unsolicited traffic.

People who think NAT suffices as a firewall have a misunderstanding of these two functions

Here's the Analogy between NAT and a Firewall

Think of NAT as the old mailroom at a corporation. Inbound packages coming to the corporate address are reviewed and the mailroom adds the recipient's cube number for inside delivery. Packages arriving without a valid recipient are simply discarded. Outbound packages pass through the mailroom to the appropriate letter carrier or shipper. NAT performs the same function with inbound and outbound packets.

Now add a security element to the mailroom. Inbound packages get run through an x-ray machine and bomb detection process. Contents are examined to ensure there are no harmful or prohibited items. The return address may be checked, and if the package is from a particular address or location, it may be blocked. Having passed through security, the mailroom adds the recipient's cube number for inside delivery. Outbound packages are likewise run past security. Packages destined to certain addresses, or containing certain items, are blocked and returned to the inside sender. The sender's manager receives a report as to what was blocked and why. This is the function a Firewall performs on packets inbound and outbound to the company.
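The mailroom analogy above as a small model, added here as an example (not code from this page or from IT-Expert on Call): one gateway with a NAT translation table, run once as NAT only and once with an address blocklist in front of it. The class, its method names and every address (documentation ranges) are constructed for illustration.

```python
import ipaddress

class NatGateway:
    """Hypothetical source-NAT gateway with an optional address blocklist."""

    def __init__(self, blocklist=()):
        self.blocklist = [ipaddress.ip_network(n) for n in blocklist]
        self.table = {}         # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.next_port = 40000
        self.report = []        # what the firewall blocked, and why

    def _blocked(self, ip, direction):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.blocklist):
            self.report.append((direction, ip, "address on blocklist"))
            return True
        return False

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN device opens a connection; returns the public port or None."""
        if self._blocked(remote_ip, "out"):
            return None
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet reaches the public side; returns the LAN target or None."""
        if self._blocked(remote_ip, "in"):
            return None
        entry = self.table.get(public_port)
        if entry is None or entry[2:] != (remote_ip, remote_port):
            return None         # unsolicited: no matching translation entry
        return entry[:2]

BAD = "203.0.113.66"            # constructed address (documentation range)
GOOD = "198.51.100.10"          # constructed address (documentation range)

def demo():
    results = {}
    for name, gw in (("nat_only", NatGateway()),
                     ("with_fw", NatGateway(blocklist=["203.0.113.0/24"]))):
        unsolicited = gw.inbound(BAD, 4444, 40000)
        port = gw.outbound("192.168.1.20", 51000, BAD, 443)
        reply = gw.inbound(BAD, 443, port) if port else None
        ok_port = gw.outbound("192.168.1.20", 51001, GOOD, 443)
        ok_reply = gw.inbound(GOOD, 443, ok_port)
        results[name] = (unsolicited, reply, ok_reply, len(gw.report))
    return results
```

With NAT alone the unsolicited packet is dropped, but the LAN device's own connection to the listed address and the reply to it both pass; with the blocklist both directions are denied and recorded in the report.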

The Objective: Proactive Protection at your Internet Gateway to specifically Regain CONTROL of your Local Network and to block malware, spyware, phishing, cryptomining, ransomware and hackers before they ever reach your network, your computers, and all your smart devices.

The Problem: Your ISP is in control of your Local Network. The Gateway device your Internet Service Provider supplies you with to be able to access the Internet does not have any of the three [1,2,3] essential capabilities required for effective protection against the Bad Guys. In addition, that gateway device has security implications that you may not be aware of, placing your privacy at risk: your ISP-provided Internet Gateway enables your ISP's Technical Support personnel to remotely manage the Gateway device and have direct access to your Business or Home Network or any connected devices, with or without your knowledge or explicit permission.

The communication chain using your ISP provided Gateway

Devices connected to LAN <<==> ispGateway[NAT] <<==> ISP <<==> Internet

The 3 essential capabilities that are missing to proactively prevent the Bad Guys from breaching your internet connection and your local network are as follows:

  1. a Firewall providing an effective method of access control.
  2. a dynamic blacklist [MOAB] that identifies the Bad Guys via the IP addresses they use.
  3. a Router that is extensible [designed to allow the addition of new capabilities and functionality] and has the hardware capability [CPU, memory and storage] to exploit the blacklist in conjunction with the Firewall.

The Solution: Our Firewall access control rules, working in conjunction with MOAB [Mother Of All Blacklists], add a highly efficient trap that silently and quickly denies « any » of over 600 million perpetrators [the Bad Guys] access before they can breach your doorway into the Internet, penetrate your local network and cause damage to your computers and other network dependent smart devices. Guarding your network from the effects of malicious intrusion of unauthorized users and applications begins with solid perimeter and endpoint defenses, and an effective method of access control. The capable Router Firewall we recommend, install and configure provides that effective method of access control. Now you are in control: your ISP can still manage their gateway device but they can no longer have access to your local network.

Cable communication chain using The Solution

Devices connected to LAN <<==> ROUTER[includes Firewall+MOAB]+ispModem <<==> ISP <<==> Internet

For Cable Internet subscribers we convert the ISP Gateway into a Modem using bridging and insert our recommended Router/Firewall appliance, which takes over as your Gateway. The security implications mentioned above are effectively addressed => secured from unsolicited prying eyes, secured from bandwidth thieves [stealing your Wi-Fi] and « now » you have regained full control over what happens on your network.

Fiber communication chain using The Solution

Devices connected to LAN <<==> ROUTER[includes Firewall+MOAB] <<==> ISP <<==> Internet

For Fiber-To-The-Home Internet subscribers we remove the ISP provided gateway and replace it with our recommended Router/Firewall appliance, which takes over as your Gateway. The security implications mentioned above are effectively addressed => secured from unsolicited prying eyes, secured from bandwidth thieves [stealing your Wi-Fi] and « now » you have regained full control over what happens on your network.

MOAB [Mother Of All Blacklists] enables our Firewall to proactively deny all unwanted inbound Traffic. By creating a special Firewall Blacklist that identifies unique IP addresses of known malicious or suspicious entities, our Firewall in conjunction with MOAB adds a highly efficient trap that silently and quickly denies « any » of over 600 million perpetrators access before they can breach your Internet door, penetrate your local network and cause damage to your computers and other network dependent smart devices. Because of the very dynamic nature of MOAB, we configure the Firewall to automatically update the blacklist 3 times each day so that we can include previously unknown sources [of the perpetrators] as they become known to us.

By restricting inbound traffic to the router, we can prevent the accidental opening up of services on the router. Because our Firewall configuration restricts all types of services except for the services you know about & need, we can prevent any services (that you may not be aware of) from being accessible remotely on the router.

I already have a MikroTik Router

PREREQUISITES First

If you already have a capable MikroTik Router and you would like to subscribe to our MOAB subscription service, » e-mail us «  with the information we need based on the PREREQUISITES stated therein for this service to work properly on your router, and we will promptly set you up regardless of where on Planet Earth you reside.

MOAB Subscriptions are based on a Calendar Year
A calendar year is a one-year period that begins on January 1 and ends on December 31

Inside a Calendar Year you will be charged as shown in the Table below

MOAB subscription Service Payment US $90.00 per calendar Year
« PayPal »  when you're ready to subscribe

Please note that MOAB Subscription Service Payment above and
MOAB Install Service Payment below
are two separate, independent service payments.

MOAB Remote Install Service Payment US $90.00
« PayPal »  when you prefer to have us install MOAB for you.

We use Chrome Remote Desktop extension for all remote installation services.

MOAB Remote install service is only available for
broadband capable users
minimum 100Mbps Down 10Mbps Up.

Disclaimer: You may cancel your subscription at any time. All sales are final; we do not issue refunds.

MOAB - First Time Users

» e-mail «  Request 10 day Free Trial of MOAB Blacklist Service

Decide what you need and » e-mail us «  about what you'd like us to do
We would be delighted to help you decide what you need and what you'd like us to do based on an on-site consultation session

IT-Expert on Call Professionals are ready, willing and able to expertly deploy it for you

IT-Expert on Call does not maintain a staffed storefront office
All access to our resources is by appointment only made either by
Phone (613) 828-6611 or (613) 762-8018 or  » e-mail us « 

Based in Nepean, Ontario, Canada servicing the Regional Municipality of Ottawa-Carleton plus we offer remote services within Canada and the Continental U.S.A where broadband internet service is available.

Updated Tuesday 5 November, 2024 8:36 AM
Webmaster: David Mozer

Copyright © 2002 - 2024 by David Mozer All Rights Reserved.