NAT translates the addresses of hosts behind a firewall or router and is normally used for internal networks that have unregistered (non-routable) IP addresses. In this blog we are going to explore the security aspects of this technology.
This means that an internal user can browse the internet and download files, but an external host cannot initiate a session to an internal IP address and use it to connect to internal devices or services. Basically, a host on an external network cannot connect to an internal host unless that internal host has initiated an outbound session. More specifically, dynamic NAT automatically creates a FIREWALL between our internal network and any outside networks, including the largest external network in the world, the internet.
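The behaviour described above, as an added example that is not part of the original post: a minimal model of a dynamic NAT translation table, where inbound packets are forwarded only if they match a translation created by an earlier outbound session. It assumes the device matches inbound traffic on remote address and port (real devices vary, and timeouts are omitted); the class name and all addresses are constructed for illustration.

```python
# Added example: minimal model of a dynamic NAT (port address translation) table.
# All addresses are constructed (RFC 1918 / RFC 5737 documentation ranges).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed outside address of the NAT device


@dataclass
class DynamicNat:
    next_port: int = 40000
    # (inside_ip, inside_port, remote_ip, remote_port) -> public port
    out_map: dict = field(default_factory=dict)
    # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
    in_map: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a session: create (or reuse) a translation."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (PUBLIC_IP, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the public address: forward only if it matches a
        translation created by an earlier outbound session, else drop (None)."""
        return self.in_map.get((dst_port, src_ip, src_port))


def demo():
    nat = DynamicNat()
    # Unsolicited connection attempt from outside: no translation exists.
    unsolicited = nat.inbound("198.51.100.7", 51000, 40000)
    # Inside host browses to an external web server.
    translated = nat.outbound("192.168.1.10", 50123, "198.51.100.7", 443)
    # Reply from that server to the translated port is forwarded inside.
    reply = nat.inbound("198.51.100.7", 443, translated[1])
    # A different outside host hitting the same public port is dropped.
    probe = nat.inbound("198.51.100.99", 443, translated[1])
    return unsolicited, translated, reply, probe


if __name__ == "__main__":
    for label, result in zip(("unsolicited", "translated", "reply", "probe"), demo()):
        print(f"{label:12} -> {result}")
```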
So what does NAT have to do with network security? NAT breaks the end-to-end IP/TCP model. So what does NAT have to do with the ever-expanding size of the internet? The answer is: EVERYTHING! When the IPv4 address space was originally developed, everyone thought that there would be more than enough available addresses to cover all eventual needs, but with the veritable explosion of internet users and the ever-increasing number of home networks, the number of available IP addresses turned out to be insufficient for the task at hand.
There's a very good chance that you are using Network Address Translation (NAT) right now, and most people are not even aware of it.

CCNP Security FIREWALL 642-618 Official Cert Guide