Network Address Translation

Let’s explore another method of making sure that your system is safe, one that is different from the others we’ve been touching on. Network Address Translation means security through obscurity: by not advertising my IP address to the outside world, I can ensure that nobody can come in and pretend that they’re me or pretend that they’re somebody I trust.

The way that works is that your device, which might be a firewall or a router, has a pool of IP addresses that you want to use to go to the outside world. Whatever the address is on the inside, it’s never seen; it’s always changed when it gets to your perimeter device.

So through Network Address Translation we can provide increased security.

In addition to Network Address Translation, there’s another technology you’ll hear about called port address translation. With port address translation, the device that presents the IP address the outside world is going to see, be it a router or a firewall, puts all of its requests out along one single IP address.

The way it does that is by putting each request on a different port number, keeping track of that information, and changing the port number back when the reply returns. The reason that you might want to implement port address translation is if you have difficulty getting enough IP addresses for all of the users on your network.

There can be some limitations. For example, many multimedia applications require multiple ports on a single IP address, so it may not be appropriate for every installation.
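The port bookkeeping described above, as an added Python sketch that is not part of the original page or any vendor's implementation. The class name `PatTable`, the addresses and the small port range are constructed for illustration; the range is kept tiny so that exhausting the pool, the limit that multi-port applications hit sooner, is easy to see.

```python
class PatTable:
    """Illustrative port address translation table for one public IP."""

    def __init__(self, public_ip, port_range=(40000, 40003)):
        self.public_ip = public_ip
        self.free_ports = list(range(port_range[0], port_range[1] + 1))
        self.out = {}   # (proto, inside_ip, inside_port) -> public_port
        self.back = {}  # (proto, public_port) -> (inside_ip, inside_port)

    def translate_outbound(self, proto, src_ip, src_port):
        """Rewrite an inside source to (public_ip, public_port), reusing any mapping."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if not self.free_ports:
                # Every extra port an application opens consumes one entry here.
                raise RuntimeError("PAT port pool exhausted")
            port = self.free_ports.pop(0)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def translate_inbound(self, proto, dst_port):
        """Map a reply back to the inside host; None means no mapping, so drop."""
        return self.back.get((proto, dst_port))

    def release(self, proto, src_ip, src_port):
        """Remove a mapping (for example on timeout) and free its port."""
        port = self.out.pop((proto, src_ip, src_port), None)
        if port is not None:
            del self.back[(proto, port)]
            self.free_ports.append(port)


def demo():
    # Constructed sample: two inside hosts that happen to use the same source port.
    pat = PatTable("203.0.113.10")
    a = pat.translate_outbound("tcp", "192.168.1.20", 51000)
    b = pat.translate_outbound("tcp", "192.168.1.21", 51000)
    reply = pat.translate_inbound("tcp", b[1])         # reply to host b
    unsolicited = pat.translate_inbound("tcp", 40003)  # no mapping exists
    return a, b, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```

Inbound traffic is only forwarded when a matching outbound entry exists, which is why the inside addresses stay hidden from the outside world.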

Categories: Security Basics