DSL Security is PPP on Eircom Supplied box good enough ?

Capt'n Midnight

Eircom supplied a Alcatel Speedtouch Pro DSL thingy. Three PC's are connected to te 10Mb ports. Each PC connects using (PPP ?) and gets a separate dynamic IP address. A quick port scan seems to indicate all is well.

So how much security dows the unit provide or are the PC's relying on software firewalls.

Would it be necessary to replace the DSL box with another that uses NAT and has a firewall built in, or should a router with a built in firewall be setup so it's WAN port was connected to the Eircom box ?

dogs

Originally posted by Capt'n Midnight
Eircom supplied a Alcatel Speedtouch Pro DSL thingy. Three PC's are connected to te 10Mb ports.

Well I haven't seen or used that particular model but I'll give this a try ...

Each PC connects using (PPP ?) and gets a separate dynamic IP address. A quick port scan seems to indicate all is well.

Eh... I'm not sure if I'm misunderstanding you here but each PC connects from an ethernet card to an ethernet port on this little box and you think they might be connecting over PPP ? Was there anything in particular that gave you that impression ? My guess is that they're connected via Ethernet Dynamic IP address assignment would be achieved through the magic of DHCP.

So how much security dows the unit provide or are the PC's relying on software firewalls.

How much security does anything provide ? What services are reachable from the Internet ? Are the client machines patched and kept up to date for any software they use ? Same questions all the time. There is no silver-bullet in security, no magic box you can plug in and you're instantly completely safe.

Would it be necessary to replace the DSL box with another that uses NAT and has a firewall built in...

Well, if your box is assigning IP addresses dynamically, and your ISP only gives you one IP address .... it's probably doing NAT
And if it's doing NAT, what exactly would you need to firewall ? I'd imagine it's DHCP server is inward facing only

HTH....

Capt'n Midnight

The box is NOT giving DHCP address out. So each PC has a 169.254.x.y autoconfig address. To connect to the internet a login and password are needed, this then opens a second network connection with a public IP address - different on each PC.

Because each of the PC's has software firewall I can't be sure the Eircom box provides any protection and I don't want to turn off the software firewall to find out.

Agree there is no magic box - but I prefer an external firewall to block ports. (blocking Malware & junk on web pages is a different kettle of horse pajymas)

Frank Grimes

From what I remember of those things, they're just ethernet modems - nothing else. Best to stick with the software firewalls.
There is a telnet interface on them but I can't remember any of the options in it.

Capt'n Midnight

Originally posted by Frank Grimes
From what I remember of those things, they're just ethernet modems - nothing else. Best to stick with the software firewalls.
There is a telnet interface on them but I can't remember any of the options in it.

ethernet modems - as in Ben Dover ?

Looks like it going to get replaced with an ADSL router with Firewall / NAT & DHCP - any types recomended ?

seamus

DSL connections are virtual PPP, which is probably where you're getting that from.

I assume you're on one of the more expensive DSL packages, where you get more than one IP address.

Basically, get your hands on a small router, that'll do packet filtering for you. Connect each machine to the router, and the router to the modem, and hey presto.