|
|
Re: Firewall security question
08/24/14 06:33 AM
|
|
|
> Not sure what you're going on about. I never said I don't use a password. I just said
> that SEP was blocking some kind of port scan that my printer was doing, breaking the
> scan-to-network function (it's an all-in-one). Also some of my devices can't connect
> to my computer when I'm running streaming software like WMC, or PowerDVD.
>
> so... I was asking what the risk is of making the top rule of the SEP firewall state
> that all ports and protocols are allowed from all IP addresses in my local subnet
> (192.168.1.0-192.168.1.255)
>
> Let's just assume that nobody (local) is going to piggyback off of my wireless
> network... what danger does this rule put me in from the internet side? Like... is
> there a way to remote into a network and spoof packets to look like it's coming from
> a local computer?
Your router or gateway will have two interfaces, one facing the internet and one facing your local network. On this device, for the interface facing the internet you configure a rule that discards any traffic where the destination is an address in your local network range, or any non-routable range for that matter (192.168.0.0/16, 10.0.08, 172.16.0.0/20, etc.). Then for devices on your local network (PCs etc.) you can make a rule that allows all traffic from other devices on the local network.
This is a reasonable setup assuming:
- You can trust all the devices on the local network
- No device on your local network will be hacked/rooted
- No device on your local network will be tricked into running malware
- No device on your local network has an additional internet connection that bypasses the router
- You have no VPNs, tunnels, etc. facing into your network
|
|
Index 
Flat 
Re: Firewall security question
Reply
Re: Firewall security question
