Results 1 to 7 of 7

Thread: Network Address Translation

  1. #1
    Member rnapro's Avatar
    Join Date
    Aug 2001
    Posts
    66

    Question Network Address Translation

    In several locations I am using a router using NAT to translate from private IP's to a single public IP. Is this giving me a false sense of security? How easy is it for someone to get through the router to my network?

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    196

    Cool

    Depends on the router used, whether it's a hardware one or software/hardware combo (PC), what type of features it has. Also remember that if somehow a trojan gets on the internal computers, that would bypass all the security reasons for using a NAT server. I like to think of NAT's as an outbound connection, you can't connect from the internet to a computer on the internal network because it shouldn't be sending packets that way. Kind of a like a one-way street. Although you can have those willing to go "against the rules" and go the wrong way down the one-way street. Just a question, what type of router are you using? I'm not a router expert, but maybe some others here can fill you in as far as security goes.....

  3. #3
    Member rnapro's Avatar
    Join Date
    Aug 2001
    Posts
    66
    Thanks for the confirmation.

    I am using a Linksys Ethernet router connected after my cable modem here at home. Before using the Linksys I did notice a lot of port probes and scan on my system thanks to Black Ice, since the install of my router I have not notice any outside traffic coming in. I just want to make sure I am not fooling myself.

    At work the site are behind a Cisco 2610 running NAT from the IOS. I am learning quite a bit about routers and firewall but I am not that great yet.

  4. #4
    Member
    Join Date
    Sep 2001
    Posts
    77

    Network Security

    Just think of it as another layer in your security layout. No piece of hardware/software is unbreakable/hackable. The more layers you have, nat, firewall, NIDS systems, solidly patched and logged systems, the less likely someone will get all the way through (and more likely you will have the info to do something about it if they do).

    I use both Linksys and Cisco, both have vulnerabilities, especially if improperly configured. Use their respective home pages to search for patches. You may also wish to join a few security mailing lists to get notices about security issues that originate outside the vendor .

    cheers
    I\'m not a BOT I\'m a beer droid!
    Prepare to be Assimilated.

  5. #5
    I dont think your giving your self a false sense of security but then again you shouldnt put that thought out of your head totally. Using NAT with any router is a good form of security with a firewall. Something like outside NAT/router --> firewall (preferably unix box firewall) --> your network. Thats good if you have the resources. Well its late and i dont want to give out any bad info i'll add more later maybe.

  6. #6

    Routers are great an all but....

    I have heard that it is better to go with a simple 386 as a gateway rather than a router. I have been working on setting one up for my self. I have an old IBM ps2 that I installed linux on. Then set up IPCHAINS and with the addition of some research I am close to setting up a gateway to the outside world. I have been posting my research and steps on my home site. I also have links to the official intsructions on doing this.

    www.webflashover.com I believe it is under the hacker section somewhere.

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Location
    Bemidji, Minnesota
    Posts
    228

    just a piece

    no better router and firewall than a well configured linux as a gateway...that's my two cents take it or leave it

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •