
NAT and Security: Protecting Networks

This chapter discusses how Network Address Translation (NAT) is useful for hiding internal private IP addresses and conserving routable IP addresses on the Internet. It also covers the advantages and drawbacks of using NAT and explains why it is not sufficient for network security.


Presentation Transcript


  1. Chapter 6: NAT and Security
     • Network Address Translation (NAT) is useful to:
       • Hide internal private IP addresses
       • Conserve routable IP addresses on the Internet
     • RFC 1918, Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996.
     Network Security

  2. Reserved IP addresses for private networks
     • Reserved IP addresses for private networks in RFC 1918 addressing scheme:
     • The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
         10.0.0.0 - 10.255.255.255 (10/8 prefix)
         172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
         192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

  3. An example of NAT - the DCSL network
     • Network diagram for the UHCL Distributed Computer Security Lab (D140, D158)
     • http://www.dcsl-uhcl.net/public/DCSL%20diagram.html

  4. PAT (Port Address Translation)
     • The PATing router translates the source and the destination addresses depending on the port number used. See Figure 6-1 (p.130).

  5. Advantages of using NAT
     • The obvious advantage of using private address space for the Internet at large is to conserve the globally unique address space by not using it where global uniqueness is not required.
     • Enterprises gain a lot of flexibility in network design by having more address space at their disposal than they could obtain from the globally unique pool. This enables operationally and administratively convenient addressing schemes as well as easier growth paths.
     • Hiding of the private addresses from the public. An outsider only knows the globally addressable IP and a port#.
     • Security: Incoming packets without proper port# are discarded.

  6. Drawbacks of using NAT
     • Renumbering of IP addresses may be needed in some cases:
       • Once one commits to using a private address, one is committing to renumber part or all of an enterprise, should one decide to provide IP connectivity between that part (or all of the enterprise) and the Internet.
       • Another drawback to the use of private address space is that it may require renumbering when merging several private internets into a single private internet.

  7. Is NAT sufficient for network security?
     • No. It's mainly a convenience measure.
     • It cannot replace the functionalities of a firewall: NAT does not track packet sequence numbers, the TCP handshake, UDP progress-based timers, etc.
     • It cannot replace an intrusion detection system (IDS): NAT does not concern itself with protecting the hosts from malicious data being sent on the NAT connections.
     • It cannot replace an access control mechanism.
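
The PAT behaviour from slides 4, 5 and 7 as a small model. This is an added example, not part of the original presentation: the PatRouter class, its method names, the starting port 40000 and all addresses are constructed for illustration. It keys inbound mappings on the public port only, as slide 5 describes; real NAT implementations may also match the remote endpoint.

```python
import ipaddress
from dataclasses import dataclass, field

# The three RFC 1918 private blocks listed on slide 2.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

@dataclass
class PatRouter:  # hypothetical model, not a real router API
    public_ip: str
    next_port: int = 40000                      # constructed starting port
    out_map: dict = field(default_factory=dict) # (priv_ip, priv_port) -> public port
    in_map: dict = field(default_factory=dict)  # public port -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a private source to (public_ip, allocated public port)."""
        if not is_rfc1918(src_ip):
            raise ValueError("source is not an RFC 1918 address")
        key = (src_ip, src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, payload=b""):
        """Forward only when dst_port has a mapping. Payload, TCP flags and
        sequence numbers are never examined: translation is not inspection."""
        target = self.in_map.get(dst_port)
        if target is None:
            return None                         # no mapping: packet discarded
        return (src_ip, src_port, target[0], target[1], payload)

def demo():
    r = PatRouter("203.0.113.5")                # constructed documentation address
    a = r.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    b = r.outbound("192.168.1.11", 51000, "198.51.100.7", 443)
    dropped = r.inbound("198.51.100.7", 443, 40002)
    passed = r.inbound("198.51.100.7", 443, a[1], b"unchecked bytes")
    return a, b, dropped, passed

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two internal hosts using the same source port share one public address through distinct public ports, an inbound packet to an unmapped port is dropped, and a packet to a mapped port is forwarded with its payload unexamined, which is why slide 7 says a firewall and an IDS are still needed.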
