– Chapter 6 – NAT and Security


Network Address Translation (NAT) is useful to:
- Hide internal private IP addresses
- Conserve routable IP addresses on the Internet

Reference: RFC 1918, Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996.

Network Security

Reserved IP addresses for private networks

Reserved IP addresses for private networks in the RFC 1918 addressing scheme: The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
- 10.0.0.0 - 10.255.255.255 (10/8 prefix)
- 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

An example of NAT - the DCSL network

Network diagram for the UHCL Distributed Computer Security Lab (D140, D158): http://www.dcsl-uhcl.net/public/DCSL%20diagram.html

PAT (Port Address Translation)

The PATing router translates the source and the destination addresses depending on the port number used. See Figure 6-1 (p. 130).

Advantages of using NAT

- The obvious advantage of using private address space for the Internet at large is to conserve the globally unique address space by not using it where global uniqueness is not required.
- Enterprises gain a lot of flexibility in network design by having more address space at their disposal than they could obtain from the globally unique pool. This enables operationally and administratively convenient addressing schemes as well as easier growth paths.
- Hiding of the private addresses from the public: an outsider only knows the globally addressable IP and a port number.
- Security: incoming packets without the proper port number are discarded.

Drawbacks of using NAT

Renumbering of IP addresses may be needed in some cases:
- Once one commits to using a private address, one is committing to renumber part or all of an enterprise, should one decide to provide IP connectivity between that part (or all of the enterprise) and the Internet.
- Another drawback to the use of private address space is that it may require renumbering when merging several private internets into a single private internet.

Is NAT sufficient for network security?

No. It's mainly a convenience measure.
- It cannot replace the functionalities of a firewall: NAT does not track packet sequence numbers, TCP handshake, UDP progress-based timers, etc.
- It cannot replace an intrusion detection system (IDS): NAT does not concern itself with protecting the hosts from malicious data being sent on the NAT connections.
- It cannot replace an access control mechanism.