Nat
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Nat

  1. #1
    Member
    Join Date
    Jul 2003
    Posts
    38

    Nat

    I was recently helping a friend install a router and network at his home (lucky him), and was wondering about NAT. How secure is NAT? My other buddy who is a net admin himself was telling me it was secure enough that you dont need to even run a firewall? It seems to me that it would not be secure enought for this but I'm not very sure. Please help

  2. #2
    Senior Member
    Join Date
    Nov 2002
    Posts
    139
    My other buddy who is a net admin himself was telling me it was secure enought that you dont need to even run a firewall?
    I'm glad this guy is not my "net admin".

    Telling someone that having NAT will suffice without a firewall is like telling someone that cheese has to be on the mouse trap to get whapped.

    Tell him to go get a firewall like Outpost from www.agnitum.com to go with his NAT.

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Well, acutally, for a home setup, I'd feel rather comfortable with a home router doing nat and up to date antivirus software running on the inside computers...

    Sure it might not be the "ultimate uber-secure" setup, but hey, it's a home (assumebly low profile) setup...

    Besides, if you run a Linux or BSD firewall, you're not actually doing that much more than NATing outgoing and blocking incomming (on a basic setup).


    Ammo
    Credit travels up, blame travels down -- The Boss

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    119

    Question NAT

    NAT ???

    What's a NAT?
    [glowpurple]The inside secrets of big buisness are being leaked onto the Net - (who\'s fault is that ) - Me[/glowpurple] http://www.AntiOnline.com/sig.php?imageid=419

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Network Address Translation...

    Ie: Translating the private ip address of outgoing packets to the public IP of the public (internet facing) interface, thus allowing hosts with private addresses (RFC 1918) to access hosts on the internet...

    For more do a little searching, you'll find *plenty*...


    Ammo
    Credit travels up, blame travels down -- The Boss

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    i wouldn't feel comfortable with just a NATed router but if your not mapping any ports to services you'd be fairly secure
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Senior Member
    Join Date
    Jul 2003
    Posts
    217
    For home setup NAT without a firewall would be fine for regular use provided that u do not open any ports. As ammo put in the definition of NAT. It obscures the inside network from the outside network. However, it is not totally secure as it can still be bypassed by other means.

    If you only use it for surfing and the information on it is not that important if it gets stolen then that would be fine. But if u need more security and maybe use it for something like banking and other important stuff. Then most people would recommend a firewall and up to date anti virus software.

    As recommended by paulie. Outopst is quite good. Another firewall u might want to look at is from this site Kerio

  8. #8
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    NAT without a firewall ?
    How do you protect the WAN IP from hacks into the 'router' (assuming it is a 2 NIC computer)
    Once inside the router......the entire network (NAT or not) is open.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    NAT is relatively secure assuming that the NAT device allows _only_ egress. If all packets are dropped at the NAT device that are trying to come inbound then, to all intents and purposes, it is a firewall. Are there ways to circumvent the NAT device? Of course, depending upon the sophistication of the device - if it does stateful packet inspection, (SPI), then it is more secure than a device that does not. Are there ways to circumvent firewalls? Of course..... It's all a matter of how the devices are set up.

    For a home user something like the Linksys BEFSR41 in it's default configuration is ample sufficient protection from malicious ingress for a low cost and a simple installation.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Originally posted here by Tiger Shark
    NAT is relatively secure assuming that the NAT device allows _only_ egress. If all packets are dropped at the NAT device that are trying to come inbound then, to all intents and purposes, it is a firewall.
    While I would certainly agree that PAT (not NAT) does provide protection, I would not go so far as to say that it is a firewall or a replacement for a firewall. As defined in the RFC for NAT, the packet never gets inspected past the network layer and cannot filter based on ports or services (which is what a firewall does). NAT by istelf was never intended to provide any type of security. Like I said however, you are definately better off with PAT which is what most SOHO devices use. Many of these devices will provide you with an adequate level of security if you use egress traffic only, but if you are hosting servers I would not rely on them alone.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •