Results 1 to 3 of 3

Thread: NAT, A General Understanding....

  1. #1
    JANDOENT
    Guest

    Lightbulb NAT, A General Understanding....

    NAT can be a very confusing item to many people.
    Education is the best security defense, so lets learn a little bit about how NAT came to be and what was it's purpose. RFC 1631 Network Address Translators tells us that NAT was devised as a short term solution to address depletion by address reuse as explained in that article. Interestingly enough, in 1994, NAT's infancy, it was stated that the same characteristics that enhances privacy, potentially makes debugging problems (involving security violations) more difficult to find the host as it hides the IP address of the host.
    Although, this makes it difficult to find the host, I can't say that this increases the risks of being violated.

    quote:
    --------------------------------------------------------------------------------

    Privacy, Security, and Debugging Considerations

    Unfortunately, NAT reduces the number of options for providing
    security. With NAT, nothing that carries an IP address or information
    derived from an IP address (such as the TCP-header checksum) can be
    encrypted. While most application-level encryption should be ok, this
    prevents encryption of the TCP header.

    On the other hand, NAT itself can be seen as providing a kind of
    privacy mechanism. This comes from the fact that machines on the
    backbone cannot monitor which hosts are sending and receiving traffic
    (assuming of course that the application data is encrypted).

    The same characteristic that enhances privacy potentially makes
    debugging problems (including security violations) more difficult. If
    a host is abusing the Internet is some way (such as trying to attack
    another machine or even sending large amounts of junk mail or
    something) it is more difficult to pinpoint the source of the trouble
    because the IP address of the host is hidden.
    --------------------------------------------------------------------------------


    The article is worth a read, anyway...


    Webopedias explanation of NAT


    NAT
    Last modified: February 21, 2000
    Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.

    NAT serves two main purposes:

    Provides a type of firewall by hiding internal IP addresses
    Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.
    Allows a company to combine multiple ISDN connections into a single Internet connection


    Whatis defines NAT

    NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses. This helps ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves on the number of global IP addresses that a company needs and it lets the company use a single IP address in its communication with the world.
    NAT is included as part of a router and is often part of a corporate firewall. Network administrators create a NAT table that does the global-to-local and local-to-global IP address mapping. NAT can also be used in conjunction with policy routing. NAT can be statically defined or it can be set up to dynamically translate from and to a pool of IP addresses. Cisco's version of NAT lets an administrator create tables that map:

    A local IP address to one global IP address statically
    A local IP address to any of a rotating pool of global IP addresses that a company may have
    A local IP address plus a particular TCP port to a global IP address or one in a pool of them
    A global IP address to any of a pool of local IP addresses on a round-robin basis
    NAT is described in general terms in RFC 1631. which discusses NAT's relationship to Classless Interdomain Routing (Classless Inter-Domain Routing) as a way to reduce the IP address depletion problem. NAT reduces the need for a large amount of publicly known IP addresses by creating a separation between publicly known and privately known IP addresses. CIDR aggregates publicly known IP addresses into blocks so that fewer IP addresses are wasted. In the end, both extend the use of IPv4 IP addresses for a few more years before IPv6 is generally supported.


    A more detailed & technical discussion can be found here


    A very informative read is found here


    This decribes various types and implementations of NAT


    Peer to Peer Networking with NAT


    Linux & NAT


    Vicomsoft has a good explanation.

    quote:
    --------------------------------------------------------------------------------
    NAT automatically provides firewall-style protection without any special set-up. That is because it only allows connections that are originated on the inside network. This means, for example, that an internal client can connect to an outside FTP server, but an outside client will not be able to connect to an internal FTP server because it would have to originate the connection, and NAT will not allow that. It is still possible to make some internal servers available to the outside world via inbound mapping, which maps certain well know TCP ports (e.g.. 21 for FTP) to specific internal addresses, thus making services such as FTP or Web available in a controlled way.
    --------------------------------------------------------------------------------

    All of the aforementioned sites has links included with them for those that are interested in a more indepth study.

    In summary, NAT translates your internal IP and helps prevent connections originating from outside of your puter, in effect providing some characteristics of a firewall, however it is not an actual hardware firewall.
    It's primary purpose, as initially explained, was to help with IP address depletions. Of course, as a security enhancement, it is better than nothing...


    ------------------
    Inquiring minds want to know...

  2. #2
    cobra25
    Guest

    Post

    Wow great info, but I have to lie down now reading that extremely long post gave me a headache

  3. #3
    SG Enthusiast FunK's Avatar
    Join Date
    Aug 2000
    Posts
    2,721

    Post

    Good info Ken!
    Always nice to see you sharing your knowledge and resources. I wonder how many times we will link to this thread
    I'm sure it will be allot.

    FunK
    Simply run adaware, spybot, ZoneAlarm, HijackThis, AVG, update windows daily, have a router, don't open e-mail, turn off action scripting, don't use P2P networks, don't violate EULAs, and wear a condom to get Windows secured.

    People say Linux is alot of work!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •