In this lesson, you will cover NAT (network address translation) and its subset, PAT (port address translation). The idea is that your local area network is hidden behind a firewall or some other screening device, and is then connected out to the internet (which poses quite a threat to our internal environment). We need to make sure we have multiple layers of defense protecting our internal network from the external network. Originally, NAT was a one-to-one mapping: for every internal host that you had, you would have an external IP address.

Important facts about NAT/PAT:
- It is a proxy that works without special software and is transparent to the end users
- It will remap IP addresses, allowing you to use private addresses internally and map them to public IP addresses
- NAT allows multiple private addresses to share one public address
The problem with NAT by itself is that you need as many external interfaces as you have internal hosts. NAT has a subset, PAT, which allows you to have one public interface and numerous internal hosts. Ultimately, what NAT does is intercept traffic, strip the source address from it, and replace it with its own external IP address as the source.

The lesson will close with a discussion on configuration management:
- It's defined by ISC2 as "a process of identifying and documenting hardware components, software, and the associated settings."
- The goal is to move beyond the original design to a hardened, operationally sound configuration
- Identifying, controlling, accounting for and auditing changes made to the baseline TCB
- Will control changes and test documentation through the operational life cycle of a system
- Implemented hand in hand with change control
- Essential to disaster recovery