Description:

RFC1918 Address Allocation for Private Internets. Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear. February 1996. ...

Slides: 7
Provided by: DrLa81
Transcript and Presenter's Notes

1
Chapter 6 NAT and Security
  • Network Address Translation (NAT) is useful to:
  • Hide internal private IP addresses
  • Conserve routable IP addresses on the Internet
  • RFC1918 Address Allocation for Private Internets.
    Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de
    Groot, E. Lear. February 1996.
  • Reserved IP addresses for private networks in RFC
    1918 addressing scheme
  • The Internet Assigned Numbers Authority (IANA)
    has reserved the following three blocks of the IP
    address space for private internets
  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

2
An example: the DCSL network
  • Network diagram for the UHCL Distributed Computer
    Security Lab (D140, D158)
  • http://www.dcsl-uhcl.net/private/research/dcsl-03-22-2005-revised.html

3
PAT
  • Port Address Translation
  • The PATing router translates the source and the
    destination addresses depending on the port
    number used.
  • Example: Figure 6-1 (p. 130)

4
Advantages of using NAT
  • The obvious advantage of using private address
    space for the Internet at large is to conserve
    the globally unique address space by not using it
    where global uniqueness is not required.
  • Enterprises themselves also enjoy a number of
    benefits from their usage of private address
    space: They gain a lot of flexibility in network
    design by having more address space at their
    disposal than they could obtain from the globally
    unique pool. This enables operationally and
    administratively convenient addressing schemes as
    well as easier growth paths.

5
Drawbacks of using NAT
  • Renumbering of IP addresses may be needed in some
    cases
  • Once one commits to using a private address, one
    is committing to renumber part or all of an
    enterprise, should one decide to provide IP
    connectivity between that part (or all of the
    enterprise) and the Internet.
  • Another drawback to the use of private address
    space is that it may require renumbering when
    merging several private internets into a single
    private internet.

6
Is NAT sufficient for network security?
  • No. It's mainly a convenience measure.
  • It cannot replace the functionalities of a
    firewall
  • NAT does not track packet sequence numbers, TCP
    handshake, and UDP progress-based timers, etc.
  • It cannot replace an intrusion detection system
  • NAT does not concern itself with protecting the
    hosts from malicious data being sent on the NAT
    connections.
  • It cannot replace an access control mechanism.
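
A simplified model of the PAT table from slide 3, added here as an illustration (it is not from the presentation): translation rewrites only addresses and ports, so TCP flags and payload pass through unexamined, which is the gap slide 6 describes. The class and function names, the port-keyed mapping table, and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass
# The three RFC 1918 blocks listed on slide 1.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""       # TCP flags such as "S" or "A"; never read by the translator
    payload: bytes = b""  # never read by the translator

class PatRouter:
    """Assumed model: one public address, mapping table keyed by public port only."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (inside ip, inside port) -> public port
        self.in_map = {}   # public port -> (inside ip, inside port)

    def outbound(self, pkt: Packet) -> Packet:
        if not is_rfc1918(pkt.src):
            raise ValueError("source is not an RFC 1918 address")
        key = (pkt.src, pkt.sport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst, pkt.dport, pkt.flags, pkt.payload)

    def inbound(self, pkt: Packet):
        inside = self.in_map.get(pkt.dport)
        if pkt.dst != self.public_ip or inside is None:
            return None  # no mapping exists, so there is nothing to translate to
        # Only the destination address and port are rewritten; no state or content check.
        return Packet(pkt.src, pkt.sport, inside[0], inside[1], pkt.flags, pkt.payload)

def demo():
    # Constructed sample traffic using documentation addresses (not from the slides).
    r = PatRouter("203.0.113.5")
    out = r.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443, "S"))
    stray = r.inbound(Packet("192.0.2.99", 4444, "203.0.113.5", out.sport, "A", b"unchecked"))
    unmapped = r.inbound(Packet("192.0.2.99", 4444, "203.0.113.5", 40999, "S"))
    return out, stray, unmapped
```

In `demo()`, the `stray` packet comes from a host the inside client never contacted and carries mid-stream flags, yet the model translates it because a port mapping exists; rejecting it is the job of the stateful firewall that slide 6 says NAT cannot replace.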