– Chapter 6 – NAT and Security

1 – Chapter 6 – NAT and Security
Network Address Translation (NAT) is useful to:
- Hide internal private IP addresses
- Conserve routable IP addresses on the Internet

RFC 1918, Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996.

Network Security

2 Reserved IP addresses for private networks
Reserved IP addresses for private networks in the RFC 1918 addressing scheme: The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
- (10/8 prefix)
- (172.16/12 prefix)
- ( /16 prefix)

3 An example of NAT - the DCSL network
Network diagram for the UHCL Distributed Computer Security Lab (D140, D158)

4 PAT (Port Address Translation)
The PATing router translates the source and the destination addresses depending on the port number used. See Figure 6-1 (p.130).

5 Advantages of using NAT
- The obvious advantage of using private address space for the Internet at large is to conserve the globally unique address space by not using it where global uniqueness is not required.
- Enterprises gain a lot of flexibility in network design by having more address space at their disposal than they could obtain from the globally unique pool. This enables operationally and administratively convenient addressing schemes as well as easier growth paths.
- Hiding of the private addresses from the public: an outsider only knows the globally addressable IP address and a port number.
- Security: incoming packets without a proper port number are discarded.

6 Drawbacks of using NAT
Renumbering of IP addresses may be needed in some cases:
- Once one commits to using a private address, one is committing to renumber part or all of an enterprise, should one decide to provide IP connectivity between that part (or all of the enterprise) and the Internet.
- Another drawback to the use of private address space is that it may require renumbering when merging several private internets into a single private internet.

7 Is NAT sufficient for network security?
No. It’s mainly a convenience measure.
- It cannot replace the functionality of a firewall: NAT does not track packet sequence numbers, the TCP handshake, UDP progress-based timers, etc.
- It cannot replace an intrusion detection system (IDS): NAT does not concern itself with protecting the hosts from malicious data being sent on the NAT connections.
- It cannot replace an access control mechanism.