Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
348
Views
0
Helpful
4
Replies

Security of NAT global ip to internal LAN ip?

huytuan
Level 1
Level 1

‎11-09-2003 04:20 PM - edited ‎03-09-2019 05:27 AM

How safe/good is NAT global static ip to an internal LAN ip? How does this hide/protect from hackers and port probers finding the true ip address of the network. Any documents on NAT security for networks would be grateful.

Labels:
0 Helpful
4 Replies 4

lwierenga
Level 1
Level 1

‎11-09-2003 07:17 PM

Will this server be accessible from the outside/public network? If so, not advisible. If this answers your question please rate and close. Thanks.

0 Helpful

nkhawaja
Cisco Employee
Cisco Employee
In response to lwierenga

‎11-09-2003 10:54 PM

Hi,

Iwierenga is right. NAT is as insecure as having the actual IP. The only thing that makes it secure is blocking access to unwanted ports/IPs/traffic

Thanks

Nadeem

0 Helpful

huytuan
Level 1
Level 1
In response to nkhawaja

‎11-10-2003 02:28 PM

How can things be made more secure??? Without costing too much??

0 Helpful

lwierenga
Level 1
Level 1

‎11-10-2003 08:11 PM

Security is a business of diligence, and the first thing to understand is that the best security practices are to keep all systems and networking devices patched, and only allow that traffic that is absolutly neccessary into your DMZ. Also, learn to read a lot of logs, and learn to understand the difference between reconnaissance, compromise attempts, and false positives.

With regards to costs to your business? Think of it this way, what if your network was compromised...how much would it cost your business? I get an average of 6000 hits a day of offending traffic, thats slight compared to financial institutions.

Anyway, there are many products that are free that will help your business in staying secure. With regards to NAT, NAT is just one component to secure your network, NAT works to hide your DMZ (or sometimes internal network...bad idea) private IP addressing from the outside. The normal security model is to have Internet/perimeter router that connects to a firewall's outside interface, and the firewall's inside interface then connects to security switch that you would VLAN to seperate your DMZ/'s. This is the simple model, and get much more complex and costly. It would be my recommendation to have this model as a minumum.

With regards to securing routers and servers a good start is to go here:

National Security Agency

Security Recommendation Guides

http://nsa2.www.conxion.com/

A good freeby IDS is of course Snort for nix, go here:

http://www.snort.org/

Win32 version of Snort is here:

http://www.datanerds.net/~mike/snort.html

A good place to start understanding security is SANS:

http://www.sans.org/resources/

And finally a good place to start to unbderstand NAT:

http://www.ietf.org/rfc/rfc1631.txt?number=1631

Hopefully, this will help you. If this answer your questions please close and rate.

0 Helpful
Customers Also Viewed These Support Documents