IT-Expert on Call

(613) 828-6611

Experience has no substitute
Inexperience carries significant cost and risk


Why a Firewall and what about NAT ?

A firewall works as a barrier, or a shield, between your computer network and the internet

Your ISP-provided device, called a Gateway/modem, functions as a Wi-Fi NAT router. It creates a Local Area Network [LAN], which enables your devices to access the internet. Network Address Translation [NAT] is the process of modifying the IP information in IP packet headers so that the packets can be routed to the required destination. It is used in home routers [such as the typical Wi-Fi router] to allow a number of devices [such as desktop computers, laptops, games consoles, mobile phones, and internet enabled televisions], each with their own network address, to connect to the internet using the one external IP you are assigned by your Internet Service Provider.

Because IP packets that are not recognized are discarded, the NAT process acts like a simple but effective firewall, blocking incoming traffic unless it is in response to previously sent outgoing traffic i.e. blocking unsolicited traffic.

People who think NAT suffices as a firewall misunderstand these two functions.

Here's the Analogy between NAT and a Firewall

Think of NAT as the old mailroom at a corporation. Inbound packages coming to the corporate address are reviewed and the mailroom adds the recipient's cube number for inside delivery. Packages arriving without a valid recipient are simply discarded. Outbound packages pass through the mailroom to the appropriate letter carrier or shipper. NAT performs the same function with inbound and outbound packets.

Now add a security element to the mailroom. Inbound packages get run through an x-ray machine and bomb detection process. Contents are examined to ensure there are no harmful or prohibited items. The return address may be checked, and if the package is from a particular address or location, it may be blocked. Having passed through security, the package gets the recipient's cube number from the mailroom for inside delivery. Outbound packages are likewise run past security. Packages destined to certain addresses, or containing certain items, are blocked and returned to the inside sender. The sender's manager receives a report as to what was blocked and why. This is the function a Firewall performs on packets inbound and outbound to the company.
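The mailroom analogy above as a small model, added here as an illustration and not taken from our product or from MikroTik: the same three packets are run through a NAT-only gateway and through one that also checks an IP blacklist. The class names, the reply-matching rule (a reply must come from the address that was contacted) and the sample addresses, which are documentation-only ranges, are assumptions.

```python
import ipaddress
# Constructed blacklist; documentation-only address ranges (RFC 5737).
BLACKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

def blacklisted(ip):
    return any(ipaddress.ip_address(ip) in net for net in BLACKLIST)

class NatOnly:
    """The mailroom: inbound is delivered only as a reply to an outbound flow."""
    def __init__(self):
        self.table = {}          # public port -> (LAN ip, remote ip)
        self.next_port = 40000

    def outbound(self, lan_ip, remote_ip):
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (lan_ip, remote_ip)
        return "forward", port

    def inbound(self, remote_ip, public_port):
        entry = self.table.get(public_port)
        if entry is None or entry[1] != remote_ip:
            return "drop", "unsolicited"
        return "deliver", entry[0]

class NatWithBlacklist(NatOnly):
    """Mailroom plus security desk: the blacklist is checked in both directions."""
    def __init__(self):
        super().__init__()
        self.report = []         # outbound packets that were blocked, and why

    def outbound(self, lan_ip, remote_ip):
        if blacklisted(remote_ip):
            self.report.append((lan_ip, remote_ip, "outbound to listed address"))
            return "drop", None
        return super().outbound(lan_ip, remote_ip)

    def inbound(self, remote_ip, public_port):
        if blacklisted(remote_ip):
            return "drop", "blacklisted"
        return super().inbound(remote_ip, public_port)

def compare(remote_ip="203.0.113.9", lan_ip="192.168.88.10"):
    out = {}
    for name, gw in (("nat", NatOnly()), ("firewall", NatWithBlacklist())):
        probe = gw.inbound(remote_ip, 40000)[0]        # unsolicited inbound
        sent, port = gw.outbound(lan_ip, remote_ip)    # LAN device initiates
        reply = gw.inbound(remote_ip, port)[0] if port else "drop"
        out[name] = (probe, sent, reply)
    return out
```

Both gateways drop the unsolicited probe, but only the blacklist-aware one stops a LAN device from opening a conversation with a listed address and receiving the reply.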

Why use the MOAB (Mother Of All Blacklists) subscription service in conjunction with the Firewall?

What is MOAB? A Special Firewall Blacklist that identifies unique IP addresses of known malicious or suspicious entities that should not be allowed access to your Internet connection and Network.

The Objective: Proactive Protection at your Gateway to block malware, spyware, phishing, cryptomining, ransomware and hackers before they ever reach your network.

The Problem: The Gateway device your Internet Service Provider supplies for Internet access does not have any of the three [1,2,3] essential capabilities required for effective protection against the perpetrators. In addition, that gateway device has security implications that you may not be aware of and that place your privacy at risk: your ISP-provided Internet Gateway enables your ISP's Technical Support personnel to remotely manage the Gateway device and have direct access to your Home Network or any connected devices, with or without your knowledge or explicit permission.

communication chain using your ISP provided Gateway

Devices connected to LAN <<==> NAT router <<==> ISP <<==> Internet

The THREE essential capabilities that are missing to proactively prevent the Bad Guys from breaching your internet connection and your local network are as follows:

  1. a Firewall providing an effective method of access control.
  2. a dynamic blacklist [MOAB] that identifies the Bad Guys via the IP addresses they use
  3. a Router that is extensible (designed to allow the addition of new capabilities and functionality) and has the hardware capability [cpu, memory and storage] to exploit the blacklist in conjunction with the Firewall

The Solution: Our Firewall access control rules, working in conjunction with MOAB, add a highly efficient trap that silently and quickly denies « any » of over 600 million perpetrators [the Bad Guys] access before they can breach your doorway into the Internet, penetrate your local network and cause damage to your computers and other network dependent smart devices. Guarding your network from malicious intrusion by unauthorized users and applications begins with solid perimeter and endpoint defenses, and an effective method of access control. The capable Router Firewall we recommend, install and configure provides that effective method of access control.

communication chain using our security solution

Devices connected to LAN <<==> Firewall+MOAB+Router <<==> ISP <<==> Internet

For Cable Internet subscribers we convert the ISP Gateway into a Modem using bridging and insert our recommended Router/Firewall appliance, which takes over as your Gateway. The security implications mentioned above are effectively addressed: you are secured from unsolicited prying eyes and from bandwidth thieves (stealing your Wi-Fi), and « now » you have regained full control over what happens on your network.

For Fiber-To-The-Home Internet subscribers we remove the ISP-provided gateway and replace it with our recommended Router/Firewall appliance, which takes over as your Gateway. The security implications mentioned above are effectively addressed: you are secured from unsolicited prying eyes and from bandwidth thieves (stealing your Wi-Fi), and « now » you have regained full control over what happens on your network.

MOAB enables our Firewall to proactively deny all unwanted inbound traffic. By creating a special Firewall Blacklist that identifies unique IP addresses of known malicious or suspicious entities, our Firewall in conjunction with MOAB adds a highly efficient trap that silently and quickly denies « any » of over 600 million perpetrators access before they can breach your Internet door, penetrate your local network and cause damage to your computers and other network dependent smart devices. Because of the very dynamic nature of MOAB, we configure the Firewall to automatically update the blacklist 3 times each day so that we can include previously unknown sources [of the perpetrators] as they become known to us.

By restricting inbound traffic to the router, we can prevent the accidental opening up of services on the router. Because our Firewall configuration restricts all types of services except for the services you know about & need, we can prevent any services (that you may not be aware of) from being accessible remotely on the router.

If you're wondering how we identify over 600 million unique IP addresses of known malicious or suspicious entities that we term the Bad Guys: MOAB is extracted on a daily basis, 3 times each day, from All Cybercrime IP Feeds by FireHOL, which is where that amazing number is derived from. After extraction we specifically engineer the blacklist to work in MikroTik Firewall Routers and host it on our web server.

I already have a MikroTik Router

PREREQUISITES First

If you already have a capable MikroTik Router and you would like to subscribe to our MOAB subscription service, » e-mail us « with the information we need, based on the PREREQUISITES stated therein, for this service to work properly on your router, and we will promptly set you up regardless of where on Planet Earth you reside.

MOAB subscription Service Payment US $60.00 per Year
« PayPal »  when you're ready to subscribe

Please note that MOAB Subscription Service Payment above and
MOAB Install Service Payment below
are two separate, independent service payments.

MOAB Remote Install Service Payment US $90.00
« PayPal »  when you prefer to have us install MOAB for you.

MOAB Remote install service is only available for broadband capable users
minimum 100Mbps Down 10Mbps Up


Decide what you need and » e-mail us «  about what you'd like us to do
We would be delighted to help you decide what you need and what you'd like us to do based on an on-site consultation session

IT-Expert on Call Professionals are ready willing and able to expertly deploy it for you

IT-Expert on Call does not maintain a staffed storefront office
All access to our resources is by appointment only made either by
Phone (613) 828-6611 or (613) 762-8018 or  » e-mail us « 

Based in Nepean, Ontario, Canada servicing the Regional Municipality of Ottawa-Carleton plus we offer remote services within Canada and the Continental U.S.A where broadband internet service is available.

Updated Tuesday 13 November, 2018 10:03 AM
Webmaster: David Mozer

Copyright © 2002 - 2018 by David Mozer All Rights Reserved.