Lesson
11: Security Basics
Why Security?
| Identity
| Integrity
| Active
Audit
Network Address Translation
Let’s explore another methodology of
making sure that your system is safe. This is different than
the other ones we’ve been touching on. Network Address
Translation means security through obscurity. It means by
not advertising my IP address to the outside world, I can
ensure that nobody can come in and pretend that they’re
me or pretend that they’re somebody trusted to me.
So the way that that would work is your device, it might be
a firewall, might be a router, is going to have a pool of
IP addresses that you want to utilize to go to the outside
world. So whatever the address is on the inside, it’s
never seen. It’s always changed when it gets to whatever
your perimeter device is.
So through Network Address Translation we can provide increased
security.
In addition to Network Address Translation, there’s
another technology you’ll hear about called port address
translation. With port address translation, that particular
device, be it a router or a firewall, that’s issuing
that IP address to the outside world, the IP address that
the outside world is going to see, is going to put all its
requests out along one single IP address.
The way it does that is by putting the different requests
on a different port number, keeping track of that information,
and changing the port number when it comes back. The reason
that you might want to implement port address translation
is if you have difficulty getting enough IP addresses for
all of the users on your network.
There can be some limitations. For an example, many multimedia
applications require multiple ports on a single IP address.
So it may not be appropriate for every installation.
<<Back
[1] [2]
[3]
[4] [5]
[6] [7]
[8] [9]
[10]
[11] [12]
[13]
Next>>
|
