Why Use NAT?

Sometimes organizations use NAT by choice, to improve security by limiting the direct connectivity that is possible between internal network hosts and the outside, making it more difficult for outside attackers to map the target's internal network. Sometimes, but not always, NAT is combined with a proxy service, which ensures that any outside connection inbound to your network terminates at the machine providing the NAT and is routed to the appropriate internal service over a second, separate connection, so that there is never a direct connection from an outside host to an internal server. This isolates your internal network from certain low-level attacks and exploits that might otherwise be possible.

Additionally, NAT eases administration by insulating an organization from external IP address changes. Without NAT, if an organization switches providers and is assigned a new Class C address, it would have to change every hard-coded address used in the organization (including configuration information like DHCP servers, DNS servers, etc.).

Some organizations and individuals use NAT by necessity. ARIN (the American Registry for Internet Numbers) has long since stopped giving out permanent Internet network addresses, even for small Class C networks, because they were getting close to the point of running out of them. Also, the Internet had expanded to such a point that routing became increasingly difficult with random network addresses scattered all over the Internet; routing could be simplified considerably if certain super blocks of net addresses, consisting of multiple Class (n) addresses, were all assigned to the same ISP. So now, organizations are typically issued a small number of IP addresses, and must use this limited number of addresses for all of their organization's connectivity needs. NAT is a good way to allow many hosts to access the Internet via a small number of gateway IP addresses.
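
The two properties described above (many inside hosts sharing one gateway address, and outside hosts being unable to open a connection to an inside host) can be seen in a small model of a port-translating NAT table. This is an added example, not part of the original guide; the class and function names are hypothetical, all addresses are constructed samples, and it assumes a gateway that only accepts inbound packets from the exact remote endpoint an inside host already contacted (real gateways vary in how strictly they filter).

```python
# Added illustration: minimal port-address-translation (NAPT) table.
# All addresses are constructed samples (RFC 1918 / RFC 5737 ranges).
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


class NatGateway:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        # (inside endpoint, remote endpoint) -> public port
        self._out: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, remote endpoint) -> inside endpoint
        self._in: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def outbound(self, inside: Endpoint, remote: Endpoint) -> Endpoint:
        """Translate an inside-initiated flow; return the source the remote sees."""
        key = (inside, remote)
        if key not in self._out:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[(port, remote)] = inside
        return (self.public_ip, self._out[key])

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Return the inside host for a reply, or None (drop) if no mapping exists."""
        return self._in.get((public_port, remote))


def demo() -> dict:
    gw = NatGateway("203.0.113.10")
    web = ("198.51.100.80", 443)        # server the inside hosts contact
    scanner = ("192.0.2.66", 51515)     # outside host nobody contacted
    a = gw.outbound(("192.168.1.20", 50123), web)
    b = gw.outbound(("192.168.1.21", 50123), web)
    return {
        "a_seen_as": a,                               # both hosts appear as the
        "b_seen_as": b,                               # gateway, on different ports
        "reply_to_a": gw.inbound(web, a[1]),          # reply follows the mapping
        "unsolicited": gw.inbound(scanner, a[1]),     # no mapping: dropped
        "unmapped_port": gw.inbound(web, 22),         # no mapping: dropped
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The outside server only ever sees 203.0.113.10, so the inside addressing stays hidden, and a packet that matches no existing mapping has nowhere to be delivered.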
For more information about NAT, see the Network Address Translation FAQ at http://www.vicomsoft.com/knowledge/reference/nat.html
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.