Solved

Is NAT only acceptable as a firewall setting

Posted on 2009-05-03
9
1,783 Views
Last Modified: 2013-12-14
I have a newly setup Actiontec M1000 ADSL modem for use with DSL service.  The default firewall setting is NAT only.  Is that acceptable for security purposes?  Would configuring it with both a high level firewall setting and also NAT provide any better security?
0
Comment
Question by:desertratr
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 2

Expert Comment

by:thursdasy
ID: 24291850
You should just setup the firewall if it's available on your router. There should be no need for NAT setup on a home router.
0
 
LVL 2

Expert Comment

by:fdduran
ID: 24291944
An unconfigured NAT usually blocks all connections from the internet to your computers behind the router. That gives plenty of security to all computers behind it from attacks coming from outside, however it does not block connections from your network to the internet, of from your network to your network. In other words it does  not protect your computers from each other and does not guarantee that a previously infected computer be unable to contact its overlord.

@thursdasy: Every IP Router implements NAT, home routers too, otherwise they wouldn't be routers.
0
 
LVL 7

Expert Comment

by:tankergoblin
ID: 24292093
NAT is Network Address Translation.

NAT  improve security by reusing IP addresses.
It prevent shortage of IP address.

When any PC use an unregistered IP address then NAT needed to communicate with rest of the world.

NAT can also do

- Static NAT/Port forward
- Dynamic NAT
- Overloading/PAT
- Overlapping


0
 
LVL 7

Expert Comment

by:tankergoblin
ID: 24292119
You can take telecommunication as an example where

in your office you have a office telephone number with extension. No outsider knows your extension number but only know your main office number. When some one is looking for you  an operator will check on the routing table. If the name and extension is match, then the call will be establish.

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 32

Expert Comment

by:rsivanandan
ID: 24292468
Somehow it does get echoed that NAT is for security. NAT was never meant for security and does provide no security by hiding the ip address as well. NAT is available for all the routers so that you can change to a public ip when you're on internet.

So do not consider NAT for security. Even if you NAT, the other party can identify your true ip address with the latest of browsers and technologies available now, unless you're paranoid and pretty much tighten up all the security.

Another way to look at it, say you have 10.1.1.1 and you NAT it to 100.1.1.1, still anything that contacts 100.1.1.1 goes to 10.1.1.1 and NAT has no functionality to prevent it. It is the firewall's other mechanism's (like access-lists) that blocks/allows connections and NAT by itself doesn't do anything other than converting the ip to and fro.

Hope that explains.

Cheers,
Rajesh
0
 
LVL 4

Accepted Solution

by:
wizzardofoz earned 500 total points
ID: 24292846
NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This is only part of what a good firewall does, things like Stateful Packet Inspection(SPI) go further by checking whether the incoming packet makes sense for the current connection, ie is it using the same protocol, is it trying to start an already started connection etc. Though I could not find documentation for your modem I suspect that this is what the firewall setting does.

Outbound protection is rare and difficult to administer on a router except in enterprises. It is usually the function of software on your computer. This will prevent unauthorized programs from connecting to the internet. I highly doubt your router has any such functions.

The summary, turn the firewall setting on unless your connection is exhibiting problems, and do not assume that this takes away the need for a firewall on your computer.

As for the hiding your IP thing, any connection between you and another computer by definition means that the other computer has your public IP address no firewall can prevent that. Some will strip browser headers so that websites cannot see what version of Windows you are running etc.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24293262
>>NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This line above seems misleading. Even if we don't have NAT, a firewall would prevent any unsolicited inbound packets, doesn't it?

Cheers,
Rajesh
0
 
LVL 4

Expert Comment

by:wizzardofoz
ID: 24294249
I agree and so stated in the next line
>This is only part of what a good firewall does
My aim was to explain why people say that the NAT provides some protection.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24295514
Oh okay, I misread wizzard.

Cheers,
Rajesh
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now