IT-Expert on Call — Firewall and what about NAT

IT-Expert on Call

(613) 828-6611

Experience has no substitute
Inexperience carries significant cost and risk

» Return to «

Why a Firewall and what about NAT ?

A firewall works as a barrier, or a shield, between your computer network and the internet

Your ISP provided device, called a Gateway/modem, functions as a Wi-Fi NAT router - creating a Local Area Network [LAN] - this enables your devices to access the internet. Network Address Translation [NAT] is the process of modifying the IP information in IP packet headers so that the packets can be routed to the required destination. It is used in home routers [such as the typical Wi-Fi router] to allow a number of devices [such as desktop computers, laptops, games consoles, mobile phones, and internet enabled televisions], each with their own network address, to connect to the internet using the one external IP you are assigned by your Internet Service Provider.

Devices connected to LAN <-> NAT router <-> ISP <->Internet

Because IP packets that are not recognized are discarded, the NAT process acts as a simple but effective firewall, blocking incoming traffic unless it is in response to previously sent outgoing traffic i.e. blocking unsolicited traffic.

People who think NAT suffices as a firewall have a misunderstanding of these two functions

Here's the Analogy between these two functions

Think of NAT as the old mailroom at a corporation. Inbound packages coming to the corporate address is reviewed and the mailroom adds the recipient's cube number for inside delivery. Packages arriving without a valid recipient are simply discarded. Outbound packages pass through the mailroom to the appropriate letter carrier or shipper. NAT performs the same function with inbound and outbound packets.

Now add a security element to the mailroom. Inbound packages get run through an x-ray machine and bomb detection process. Contents are examined to insure no harmful or prohibited items. The return address may be checked and if the packages from a particular address or location, it may be blocked. Having passed through security, the mailroom adds the recipient's cube number for inside delivery. Outbound packages are likewise run past security. Packages destined to certain addresses, or containing certain items, are blocked and returned to the inside sender. His manager receives a report as to what was blocked and why. This is the function a Firewall performs on packets inbound and outbound to the company.

Why use MOABMother Of All Blacklists subscription service in conjunction with the Firewall ?

The Objective: Proactive Protection at the Gateway to block malware, spyware, phishing, ransomware and hackers before they ever reach your network.

THREE essential capabilities are needed to proactively prevent the Bad Guys from breaching your internet connection and your local network.

  1. a Firewall providing an effective method of access control.
  2. a dynamic Blacklist [MOAB] that identifies the Bad Guys via the IP addresses they use.
  3. a Router that is extensibledesigned to allow the addition of new capabilities and functionality and has the hardware capability [cpu, memory and storage] to exploit the Blacklist in conjunction with the Firewall

The Gateway device your Internet Service Provider supplies you with to be able to access the Internet does not have those essential capabilities described as 1, 2 and 3 plus that gateway has security implications that you may not be aware of - placing your privacy at risk - your ISP provided Gateway enables your ISP's Technical Support personnel to remotely manage the Gateway device and have direct access to your Home Network or any connected devices with or without your knowledge or explicit permission.

MOAB enables our Firewall to proactively deny all unwanted inbound Traffic. By creating a special Firewall List that identifies unique IP addresses of known malicious or suspicious entities [the Bad Guys] that should not be allowed access to your Internet connection and Network. Our MOAB list contains over 600 million IP Addresses of the the known perpetrators. Because of the very dynamic nature of MOAB we configure the Firewall to automatically update the blacklist 3 times each day so that we can include previously unknown sources [of the perpetrators] as they become known to us. By restricting inbound traffic to the router, we can prevent the accidental opening up of services on the router. Because our Firewall configuration restricts all types of services except for the services you know about & need, we can prevent any services (that you may not be aware of) from being accessible remotely on the router.

IF you're wondering how we identify over 600 million unique IP addresses of known malicious or suspicious entities that we term as the Bad Guys? MOAB is extracted on a daily basis - 3 times each day - from All Cybercrime IP Feeds by FireHOL where that amazing number is derived from. After extraction we specifically engineer the blacklist to work in MikroTik Firewall Appliances and hosted on our web server.

» Return to «

Decide what you need and » e-mail us «  about what you'd like us to do
We would be delighted to help you decide what you need and what you'd like us to do based on a on-site consultation session

IT-Expert on Call Professionals are ready willing and able to expertly deploy it for you

IT-Expert on Call does not maintain a staffed storefront office
All access to our resources is by appointment only made either by
Phone (613) 828-6611 or (613) 762-8018 or  » e-mail us « 

Based in Nepean, Ontario, Canada servicing the Regional Municipality of Ottawa-Carleton plus we offer remote services within Canada and the Continental U.S.A where broadband internet service is available.

Updated Saturday 4 August, 2018 9:47 AM
Webmaster: David Mozer

Copyright © 2002 - 2018 by David Mozer All Rights Reserved.