
1 An Analysis on NAT Security
Trojans - II Balachandar Sankar Pragadesh Rajasekaran

2 Agenda
- Quick Glance on NAT
- Problems with NAT
- NAT Security
- IPSec
- Windows 2003 Server
- Issues with NAT
- Conclusion

3 Quick Glance on NAT
- NAT: Network Address Translation.
- Enables a Local Area Network to use one set of IP addresses for internal traffic.
- Provides a single public address for a set of internal addresses.
- A solution for the shortage of IPv4 addresses.
- Provides a firewall for the internal network.

4 Problems with NAT
- IPSec is used to secure message integrity and authentication.
- NAT doesn't support the actual functionality of IPSec.
- IKE embeds the source IP address.
- ESP encrypts the TCP header, including the TCP checksum and ports.
- Problems arise when using Windows Server 2003 VPN servers behind a NAT device.

5 NAT security – solving IPSec
- NAT-T
- Adds a UDP header encapsulating the ESP header.
- Adds the original sender IP address to the NAT-OA (NAT Original Header) payload.
- Prevents problems related to ports, source IP address and TCP checksum.
- IPSec in Tunnel Mode
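An added example, not part of the original slides, showing the TCP checksum problem from slide 4 and how the original address carried in NAT-OA resolves it. The addresses and ports are constructed, and ESP encryption is not implemented: it is modelled by the NAT being unable to touch the inner segment.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """TCP pseudo-header: source IP, destination IP, zero, protocol 6, length."""
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, tcp_len))

def build_segment(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header plus payload, checksum filled in by the sender."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    covered = pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload
    csum = 0xFFFF ^ ones_complement_sum(covered)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Receiver check: pseudo-header plus segment must sum to 0xFFFF."""
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def demo():
    # Constructed addresses: private client, NAT public address, server.
    private, nat_public, server = "192.168.1.10", "203.0.113.5", "198.51.100.20"
    segment = build_segment(private, server, 40000, 443, b"hello")
    # The segment travels inside ESP, so the NAT rewrites only the outer
    # source address and cannot update the encrypted TCP checksum.
    with_outer_address = checksum_ok(nat_public, server, segment)
    # NAT-OA gives the receiver the sender's original address to check against.
    with_nat_oa_address = checksum_ok(private, server, segment)
    return with_outer_address, with_nat_oa_address

if __name__ == "__main__":
    print(demo())
```

The first value is the check a receiver would make using the translated source address from the outer IP header; the second uses the address supplied in NAT-OA.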

6 NAT Security – Windows XP SP2
- By default, the IPSec NAT-T security association is disabled.
- Consider the following situation:
- Server-1 resides behind a NAT, and the NAT is configured to allow IPSec NAT-T traffic.
- Client-1, which is outside the NAT, uses an IPSec NAT-T security association to connect to Server-1.

7 NAT Security – Windows XP SP2 (contd…)
- Another client (say Client-2), which is inside a NAT, establishes a connection with Client-1 through an IPSec NAT-T security association.
- A condition may occur where Client-1 re-establishes the connection with Client-2.
- This condition may cause the NAT-T traffic intended for Client-2 to be redirected to Server-1.

8 NAT Security – Windows 2003 Server
- NAT-T: IPSec cannot be used when Windows Server 2003 VPN servers sit behind a NAT device, since IPSec usage is compromised and packets may be routed to different machines within the NAT.
- Solutions:
- Give the VPN servers public IP addresses so clients can connect to them directly rather than through NAT.
- Edit the Windows registry to restore the ability to connect to servers behind a NAT with IPSec/NAT-T.

9 Issues with NAT
- Increases the probability of mis-addressing.
- NAT breaks certain applications, making them more difficult to run (incorrect ports).
- Servers can't be run within a NAT network unless configured.
- Dynamic IP addressing by ADSL changes the IP every 20 hours.
- Since all users behind NAT use the same public IP address, information related to connectivity is lost.

10 Conclusion
- NAT security issues are still being solved.
- Though some major issues are solved, problems still exist.
- IPv6 will change the infrastructure of NAT.

11 Questions ??