Why Use NAT?
Sometimes organizations use NAT by choice, to improve security by limiting the direct connectivity that is possible between internal network hosts and the outside and make it more difficult for outside attackers to map the targets internal network. Sometimes, but not always, NAT is combined with a proxy service which ensures that any outside connection inbound to your network terminates at the machine providing the NAT, and is routed to the appropriate internal service with a second, separate connection making sure that there is never a direct connection from an outside host to an internal server. This isolates your internal network from certain low-level attacks and exploits that might otherwise be possible.
Additionally, NAT eases administration by insulating an organization from external IP address changes. Without NAT, if an organization switches providers and is assigned a new Class C address, they would have to change every hard-coded address used in their organization (including configuration information like DHCP servers, DNS servers, etc.).
Some organizations and individuals use NAT by necessity. ARIN (the American Registry for Internet Numbers) has long since stopped giving out permanent Internet network addresses, even for small Class C networks, because they were getting close to the point of running out of them. Also, the Internet had expanded to such a point that routing became increasingly difficult with random network addresses scattered all over the Internet and could be simplified considerably if things were set up so that certain super blocks of net addresses, consisting of multiple Class (n) addresses, were all assigned to the same ISP. So now, organizations are typically issued a small number of IP addresses, and must use this limited number of addresses for all of their organizations connectivity needs. NAT is a good way to allow many hosts to access the Internet via a small number of gateway IP addresses.
For more information about NAT, see the Network Address Translation FAQ at http://www.vicomsoft.com/knowledge/reference/nat.html
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.