
448    Chapter 7 • Topologies and IDS


■ Dynamic NAT  Larger businesses use this type of NAT because it can operate with a pool of public addresses.

■ Port Address Translation (PAT)  Most home networks using Digital Subscriber Line (DSL) or cable modems use this type of NAT.

NAT is a feature of many routers, firewalls, and proxies. NAT has several benefits, one of which is its ability to hide the IP addresses and network design of the internal network. Hiding the internal network from the Internet reduces the risk of intruders gleaning information about the network and exploiting that information to gain access. If an intruder does not know the structure of a network (the network layout, the names and IP addresses of systems, and so on), it is very difficult to gain access to that network. NAT enables internal clients to use nonroutable IP addresses, such as the private IP addresses defined in RFC 1918, while still allowing them to access Internet resources. The three ranges of IP addresses RFC 1918 reserves are:

             10.0.0.0 - 10.255.255.255 (10/8 prefix)
             172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
             192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
NAT can be used when there are many internal private IP addresses and only a few public IP addresses available to the organization. In this situation, the company can share the few public IP addresses among all the internal clients. NAT can also aid in security because outsiders cannot directly see internal IP addresses. Finally, NAT restricts traffic flow so that only traffic requested or initiated by an internal client can cross the NAT system from external networks.

When using NAT, the internal hosts are assigned private IP addresses and the internal network is represented to the outside by the NAT host system. Once NAT is configured, external malicious users are only able to reach the IP address of the NAT host that is directly connected to the Internet; they are not able to "see" any of the internal computers that go through the NAT host to access the Internet.
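The following is an added example, not code from the textbook, that models the behaviour described above: a PAT gateway sharing one public address among RFC 1918 clients, where only a flow opened by an internal client creates a translation entry, and an unsolicited inbound packet is dropped because no entry matches it. The public address 203.0.113.5, the server addresses and the port numbers are constructed sample values; the class and function names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The three private ranges reserved by RFC 1918, as listed in the text.
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETWORKS)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatGateway:
    """Toy Port Address Translation (PAT) gateway (hypothetical, for illustration).

    One public address is shared by every internal client; each outbound flow
    gets its own public source port. Inbound packets are forwarded only when
    they match a translation that an internal client created, and only from
    the external peer that client talked to (endpoint-restricted behaviour).
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (internal ip, internal port, external ip, external port) -> public port
        self.outbound = {}
        # public port -> (internal ip, internal port)
        self.inbound = {}

    def outbound_translate(self, pkt: Packet) -> Packet:
        """Rewrite an internal client's packet to the gateway's public address."""
        if not is_rfc1918(pkt.src_ip):
            raise ValueError(f"{pkt.src_ip} is not a private internal address")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            # First packet of this flow: allocate a public port and record it.
            pub_port = self.next_port
            self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[pub_port] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def inbound_translate(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an external packet to the internal host, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.inbound.get(pkt.dst_port)
        if target is None:
            return None  # unsolicited: no internal client opened this flow
        int_ip, int_port = target
        key = (int_ip, int_port, pkt.src_ip, pkt.src_port)
        if self.outbound.get(key) != pkt.dst_port:
            return None  # port is mapped, but not for a flow to this external peer
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)


def demo():
    """Constructed sample traffic: two internal clients reach the same web server."""
    gw = PatGateway("203.0.113.5")
    out1 = gw.outbound_translate(Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    out2 = gw.outbound_translate(Packet("192.168.1.11", 51000, "198.51.100.7", 443))
    # The server's reply to the first client matches an existing translation.
    reply = gw.inbound_translate(Packet("198.51.100.7", 443, "203.0.113.5", out1.src_port))
    # An outsider probing the gateway on port 22 matches nothing and is dropped.
    unsolicited = gw.inbound_translate(Packet("198.51.100.9", 12345, "203.0.113.5", 22))
    return out1, out2, reply, unsolicited


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Note that both clients use the same internal source port, 51000, yet receive distinct public ports; that per-port multiplexing is what lets PAT serve a whole home network from a single address. The `inbound_translate` check against the original external peer is what enforces the "only traffic initiated by an internal client can cross" property the text describes.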

www.syngress.com