N > On Dec 2, 2020, at 11:50 PM, Christian Huitema <huitema@xxxxxxxxxxx> wrote: > > >> On 12/2/2020 11:22 PM, Joe Touch wrote: >> >>>> On Dec 2, 2020, at 10:47 PM, Christian Huitema <huitema@xxxxxxxxxxx> wrote: >>> >>> Mark, you had me until "home network". Because most home networks are in fact *not* more secure than the open Internet >> Not that I like NATs, but they do afford protection beyond being on the open Internet simply by lacking incoming port mapping. > > That's the firewall illusion. It is shattered if someone inside the wall falls for a phishing attack, or clicks on the wrong attachment, or downloads the wrong program. At which point all these unsafe programs that are used "only behind the firewall" become nice avenues for quickly spreading the attack much farther than the initial failure. See numerous examples of ransomware attacks against small businesses, schools, etc. > > -- Christian Huitema Sure, but you have to attack the machines behind a firewall some other way *first*. I didn’t say they were safe, just safe*er*. Joe
