Network Security – Chapter 6 – NAT and Security


1 Network Security – Chapter 6 – NAT and Security
Network Address Translation (NAT) is useful:
– Hide internal private IP addresses
– Conserve routable IP addresses on the Internet
RFC1918: Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996.
Reserved IP addresses for private networks in RFC 1918 addressing scheme:
– The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
  10.0.0.0 - 10.255.255.255 (10/8 prefix)
  172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

2 An example: the DCSL network
Network diagram for the UHCL Distributed Computer Security Lab (D140, D158)
– http://www.dcsl-uhcl.net/private/research/dcsl-03-22-2005-revised.html

3 PAT: Port Address Translation
The PATing router translates the source and the destination addresses depending on the port number used.
Example: Figure 6-1 (p.130)

4 Advantages of using NAT
The obvious advantage of using private address space for the Internet at large is to conserve the globally unique address space by not using it where global uniqueness is not required.
Enterprises themselves also enjoy a number of benefits from their usage of private address space:
– They gain a lot of flexibility in network design by having more address space at their disposal than they could obtain from the globally unique pool.
– This enables operationally and administratively convenient addressing schemes as well as easier growth paths.

5 Drawbacks of using NAT
Renumbering of IP addresses may be needed in some cases:
1. Once one commits to using a private address, one is committing to renumber part or all of an enterprise, should one decide to provide IP connectivity between that part (or all of the enterprise) and the Internet.
2. Another drawback to the use of private address space is that it may require renumbering when merging several private internets into a single private internet.

6 Is NAT sufficient for network security?
No. It's mainly a convenience measure.
1. It cannot replace the functionalities of a firewall: NAT does not track packet sequence numbers, TCP handshake, and UDP progress-based timers, etc.
2. It cannot replace an intrusion detection system: NAT does not concern itself with protecting the hosts from malicious data being sent on the NAT connections.
3. It cannot replace an access control mechanism.
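
An added example, not part of the original slides: a simplified Python model of the PAT table from slide 3 next to a handshake-tracking check of the kind slide 6 says NAT lacks. The class names, the state labels and the sample addresses are constructed for illustration.

```python
import ipaddress
# The three RFC 1918 blocks from slide 1.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

class Pat:
    """Toy PAT table (hypothetical model): translates by address and port only."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out, self.back = {}, {}  # (inside ip, port) -> public port, and reverse

    def outbound(self, src_ip, src_port):
        if not is_private(src_ip):
            raise ValueError("only RFC 1918 sources are translated")
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, dst_port):
        """Port lookup only: TCP flags and sequence numbers are never examined."""
        return self.back.get(dst_port)

class HandshakeFilter:
    """Toy stateful check of the kind a firewall adds: follows the TCP handshake."""
    def __init__(self):
        self.state = {}  # public port -> SYN_SENT | SYNACK_SEEN | ESTABLISHED

    def outbound(self, pub_port, flags):
        if flags == "SYN":
            self.state[pub_port] = "SYN_SENT"
        elif flags == "ACK" and self.state.get(pub_port) == "SYNACK_SEEN":
            self.state[pub_port] = "ESTABLISHED"

    def inbound_allowed(self, pub_port, flags):
        st = self.state.get(pub_port)
        if st == "SYN_SENT" and flags == "SYN-ACK":
            self.state[pub_port] = "SYNACK_SEEN"
            return True
        return st == "ESTABLISHED" and flags == "ACK"

def demo():
    pat, fw = Pat("203.0.113.5"), HandshakeFilter()  # constructed addresses
    _, port = pat.outbound("192.168.1.10", 51000)
    fw.outbound(port, "SYN")
    # A bare inbound ACK before any SYN-ACK: PAT maps it, the filter rejects it.
    return pat.inbound(port), fw.inbound_allowed(port, "ACK")
```

The translation table answers only "which inside host owns this public port"; whether the packet belongs to a properly established connection is a separate decision that needs the per-connection state kept by the second class.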

