1 / 7

Network Address Translation (NAT) is useful to: Hide internal private IP addresses

NAT and Security Source: Ch. 6 of Malik. Network Security Principles and Practices (CCIE Professional Development). Pearson Education. 2002. Network Address Translation (NAT) is useful to: Hide internal private IP addresses Conserve routable IP addresses on the Internet

inez
Download Presentation

Network Address Translation (NAT) is useful to: Hide internal private IP addresses

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NAT and SecuritySource: Ch. 6 of Malik. Network Security Principles and Practices (CCIE Professional Development). Pearson Education. 2002. • Network Address Translation (NAT) is useful to: • Hide internal private IP addresses • Conserve routable IP addresses on the Internet • RFC1918Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996. Network Security

  2. Reserved IP addresses for private networks • Reserved IP addresses for private networks in RFC 1918 addressing scheme: • The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets: 10.0.0.0 - 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) Network Security

  3. An example of NAT- the DCSL network • Network diagram for the UHCL Distributed Computer Security Lab (D140, D158) • http://www.dcsl-uhcl.net/public/DCSL%20diagram.html Network Security

  4. PAT (Port Address Translation) • The PATing router translates the source and the destination addresses depending on the port number used. Network Security

  5. Advantages of using NAT • The obvious advantage of using private address space for the Internet at large is to conserve the globally unique address space by not using it where global uniqueness is not required. • Enterprises gain a lot of flexibility in network design by having more address space at their disposal than they could obtain from the globally unique pool. This enables operationally and administratively convenient addressing schemes as well as easier growth paths. • Hiding of the private addresses from the public. An outsider only knows the globally addressable IP and a port#. • Security: Incoming packets without proper port# are discarded. Network Security

  6. Drawbacks of using NAT • Renumbering of IP addresses may be needed in some cases: • Once one commits to using a private address, one is committing to renumber part or all of an enterprise, should one decide to provide IP connectivity between that part (or all of the enterprise) and the Internet. • Another drawback to the use of private address space is that it may require renumbering when merging several private internets into a single private internet. Network Security

  7. Is NAT sufficient for network security? • No. It’s mainly a convenience measure. • It cannot replace the functionalities of a firewall: NAT does not track packet sequence numbers, TCP handshake, and UDP progress-based timers, etc. • It cannot replace a intrusion detection system (IDS): NAT does not concern itself with protecting the hosts from malicious data being sent on the NAT connections. • It cannot replace an access control mechanism. • … Network Security

More Related