Q1: What is NAT?
Q2: Is NAT a form of Security?
Q3: What forms of NAT are available?
What is NAT?
NAT stands for Network Address Translation. NAT resolves IP address conflicts by replacing unregistered addresses with registered ones in IP packets. Registered addresses are IP addresses that are routable over the Internet (also referred to as public IP addresses). Unregistered, or private, IP addresses are non-routable IP addresses.
NAT functionality is built into devices such as network routers, firewalls, ISDN routers and standalone NAT devices. NAT devices maintain state tables that map unregistered IP addresses on one side of the device to registered addresses on the other side. See figure A for a common use of NAT.
Each packet that belongs to a NAT mapping and passes through the device has its address translated to the proper one before being forwarded to the next hop. While this requires some processing overhead, the hit on most networks is negligible, unless you are applying NAT to a large number of hosts on a very fat pipe.
NAT is not a form of Security:
Be aware that NAT is not a security scheme and delivers no safeguards to your network. NAT masquerades IP addresses on the external interface, but this won't stop covert tricks to snoop on connections, steal sessions or otherwise compromise your network. Security functions such as packet filtering, tunneling and firewalling are provided by other mechanisms. NAT is susceptible to a common form of hacking called IP spoofing. IP spoofing is a technique whereby a malicious user on the Internet can trick the NAT device into thinking that their IP address is on the local network.
At the same time, NAT is becoming more common on devices that already examine IP packets, such as firewalls and routers; since these devices are already inspecting the packet, the additional processing to swap addresses is minimal.
Types of NAT:
There are three kinds of NAT: static NAT, pooled NAT and port-level NAT (sometimes referred to as Port Address Translation, or PAT). Static NAT is the simplest to set up. Each host on the internal network is permanently mapped to an address on the external network. Pooled NAT defines a pool of addresses on the external network that are allocated dynamically to internal hosts. PAT maps internal connections to a single IP address on the external network, but with a TCP port number selected by the NAT device. Depending on what you want to accomplish, each strategy has advantages and disadvantages.
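To make the state table and the port-level (PAT) variant concrete, here is an added Python model of a PAT device (example code, not part of the original article). The address and port values are constructed samples; the port range the device hands out is an assumption.

```python
from dataclasses import dataclass
from itertools import count
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortNAT:
    """Port-level NAT (PAT): many internal hosts share one external IP address."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self._ports = count(first_port)  # assumed range of device-selected external ports
        # State table: (internal ip, port) -> external port, and the reverse lookup
        self.outbound: Dict[Tuple[str, int], int] = {}
        self.inbound: Dict[int, Tuple[str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:  # new connection: record state
            ext_port = next(self._ports)
            self.outbound[key] = ext_port
            self.inbound[ext_port] = key
        return Packet(self.external_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a reply; None when no state entry matches."""
        entry = self.inbound.get(pkt.dst_port) if pkt.dst_ip == self.external_ip else None
        if entry is None:
            return None
        int_ip, int_port = entry
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)


def demo() -> Tuple[Packet, Packet, Optional[Packet], Optional[Packet]]:
    # Constructed sample: two internal hosts use the same source port 51000
    nat = PortNAT("203.0.113.5")  # constructed registered (public) address
    a = nat.translate_outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 80))
    b = nat.translate_outbound(Packet("192.168.1.11", 51000, "198.51.100.20", 80))
    reply = nat.translate_inbound(Packet("198.51.100.20", 80, "203.0.113.5", a.src_port))
    stray = nat.translate_inbound(Packet("198.51.100.99", 443, "203.0.113.5", 12345))
    return a, b, reply, stray
```

The device has to pick distinct external ports for the two hosts because their internal source ports collide; a packet arriving for a port with no state entry has no internal destination and is not translated.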