Video Description

In this lesson, you will cover NAT (network address translation) and its subset: PAT (port address translation). The idea is that your local area network is hidden behind a firewall or some other screening device, and then is connected out to the internet (which poses quite a threat to our internal environment). We need to make sure we have multiple layers of defense in protecting our internal network from the external network. Originally NAT was a one-to-one mapping; for every internal host that you had, you would have an external IP address. Important facts about NAT/PAT:

  • It is a proxy that works without special software and is transparent to the end users

  • It will remap IP addresses, allowing you to use private addresses internally and map them to public IP addresses

  • NAT allows multiple private addresses to share one public address

The problem with NAT by itself is that for every internal host, you will need the same number of external interfaces. NAT has a subset, PAT, which allows you to have one public interface and numerous internal hosts. Ultimately, what NAT does is intercept traffic, strip the source address from the traffic, and replace it with its own external IP address as the source.

The lesson will close with a discussion on configuration management. It's defined by ISC2 as "a process of identifying and documenting hardware components, software, and the associated settings."

  • The goal is to move beyond the original design to a hardened, operationally sound configuration

  • Identifying, controlling, accounting for and auditing changes made to the baseline TCB

  • Will control changes and test documentation through the operational life cycle of a system

  • Implemented hand in hand with change control

  • Essential to disaster recovery
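Returning to the NAT/PAT part of the lesson: the sketch below is an added example, not material from the video, showing how a PAT device rewrites source addresses and ports so several private hosts share one public address, and why inbound traffic with no matching mapping never reaches the LAN. The `PatGateway` class, its port range and all addresses are constructed for illustration; real devices also track protocol and idle timeouts.

```python
import ipaddress

# RFC 1918 private ranges used on the internal LAN
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class PatGateway:
    """Hypothetical minimal PAT table: many private hosts behind one public IP."""

    def __init__(self, public_ip, first_port=40000, last_port=40999):
        self.public_ip = public_ip
        self.free_ports = iter(range(first_port, last_port + 1))
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN."""
        if not any(ipaddress.ip_address(src_ip) in net for net in RFC1918):
            raise ValueError("source is not an internal (private) address")
        key = (src_ip, src_port)
        if key not in self.out:  # first packet of a flow allocates a public port
            try:
                port = next(self.free_ports)
            except StopIteration:
                raise RuntimeError("PAT port pool exhausted") from None
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a reply back to the internal host, or drop it (None)."""
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None  # no mapping: unsolicited traffic never reaches the LAN
        priv_ip, priv_port = self.back[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)

def demo():
    gw = PatGateway("203.0.113.10")  # constructed documentation address
    a = gw.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    b = gw.outbound("192.168.1.11", 51000, "198.51.100.7", 443)  # same source port, other host
    reply = gw.inbound("198.51.100.7", 443, "203.0.113.10", a[1])
    probe = gw.inbound("198.51.100.99", 12345, "203.0.113.10", 22)  # no mapping exists
    return a, b, reply, probe

if __name__ == "__main__":
    for row in demo():
        print(row)
```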

