|
|
|
|
|
|
by ianlevesque
1020 days ago
|
|
|
I don't think that's true in general because each of these end-user routers have their own sharp edges. IPv4 consumer routers have a DMZ option which would, for at least 1 device, be the same as taking down your stateful firewall. Also, thankfully, in all of the examples I've seen in the wild, the stateful firewall was just on by default, much as NAT is on by default. In both cases you are taking steps to compromise your own security, that most people won't bother to do. Finally, the risk to an individual machine 'loose on the internet' is lower than its ever been because Windows has for years enabled a firewall by default on its own, and macOS doesn't expose any open ports by default either. That does leave printers, IoT devices, and the like, but now we're really pretty far into the weeds of lots of non-default customization combined with individual CVEs in non-computing hardware. |
|
|
Sure there are exceptions, but you are massively reducing your risk by not having your toaster having a public address by default and having something actively have to translate it to a public address