11-09-2003 04:20 PM - edited 03-09-2019 05:27 AM
How safe/good is NAT global static ip to an internal LAN ip? How does this hide/protect from hackers and port probers finding the true ip address of the network. Any documents on NAT security for networks would be grateful.
11-09-2003 07:17 PM
Will this server be accessible from the outside/public network? If so, not advisible. If this answers your question please rate and close. Thanks.
11-09-2003 10:54 PM
Hi,
Iwierenga is right. NAT is as insecure as having the actual IP. The only thing that makes it secure is blocking access to unwanted ports/IPs/traffic
Thanks
Nadeem
11-10-2003 02:28 PM
How can things be made more secure??? Without costing too much??
11-10-2003 08:11 PM
Security is a business of diligence, and the first thing to understand is that the best security practices are to keep all systems and networking devices patched, and only allow that traffic that is absolutly neccessary into your DMZ. Also, learn to read a lot of logs, and learn to understand the difference between reconnaissance, compromise attempts, and false positives.
With regards to costs to your business? Think of it this way, what if your network was compromised...how much would it cost your business? I get an average of 6000 hits a day of offending traffic, thats slight compared to financial institutions.
Anyway, there are many products that are free that will help your business in staying secure. With regards to NAT, NAT is just one component to secure your network, NAT works to hide your DMZ (or sometimes internal network...bad idea) private IP addressing from the outside. The normal security model is to have Internet/perimeter router that connects to a firewall's outside interface, and the firewall's inside interface then connects to security switch that you would VLAN to seperate your DMZ/'s. This is the simple model, and get much more complex and costly. It would be my recommendation to have this model as a minumum.
With regards to securing routers and servers a good start is to go here:
National Security Agency
Security Recommendation Guides
A good freeby IDS is of course Snort for nix, go here:
Win32 version of Snort is here:
http://www.datanerds.net/~mike/snort.html
A good place to start understanding security is SANS:
http://www.sans.org/resources/
And finally a good place to start to unbderstand NAT:
http://www.ietf.org/rfc/rfc1631.txt?number=1631
Hopefully, this will help you. If this answer your questions please close and rate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide