• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3725
  • Last Modified:

Is NAT only acceptable as a firewall setting

I have a newly setup Actiontec M1000 ADSL modem for use with DSL service.  The default firewall setting is NAT only.  Is that acceptable for security purposes?  Would configuring it with both a high level firewall setting and also NAT provide any better security?
0
desertratr
Asked:
desertratr
  • 3
  • 2
  • 2
  • +2
1 Solution
 
thursdasyCommented:
You should just setup the firewall if it's available on your router. There should be no need for NAT setup on a home router.
0
 
fdduranCommented:
An unconfigured NAT usually blocks all connections from the internet to your computers behind the router. That gives plenty of security to all computers behind it from attacks coming from outside, however it does not block connections from your network to the internet, of from your network to your network. In other words it does  not protect your computers from each other and does not guarantee that a previously infected computer be unable to contact its overlord.

@thursdasy: Every IP Router implements NAT, home routers too, otherwise they wouldn't be routers.
0
 
tankergoblinCommented:
NAT is Network Address Translation.

NAT  improve security by reusing IP addresses.
It prevent shortage of IP address.

When any PC use an unregistered IP address then NAT needed to communicate with rest of the world.

NAT can also do

- Static NAT/Port forward
- Dynamic NAT
- Overloading/PAT
- Overlapping


0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
tankergoblinCommented:
You can take telecommunication as an example where

in your office you have a office telephone number with extension. No outsider knows your extension number but only know your main office number. When some one is looking for you  an operator will check on the routing table. If the name and extension is match, then the call will be establish.

0
 
rsivanandanCommented:
Somehow it does get echoed that NAT is for security. NAT was never meant for security and does provide no security by hiding the ip address as well. NAT is available for all the routers so that you can change to a public ip when you're on internet.

So do not consider NAT for security. Even if you NAT, the other party can identify your true ip address with the latest of browsers and technologies available now, unless you're paranoid and pretty much tighten up all the security.

Another way to look at it, say you have 10.1.1.1 and you NAT it to 100.1.1.1, still anything that contacts 100.1.1.1 goes to 10.1.1.1 and NAT has no functionality to prevent it. It is the firewall's other mechanism's (like access-lists) that blocks/allows connections and NAT by itself doesn't do anything other than converting the ip to and fro.

Hope that explains.

Cheers,
Rajesh
0
 
wizzardofozCommented:
NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This is only part of what a good firewall does, things like Stateful Packet Inspection(SPI) go further by checking whether the incoming packet makes sense for the current connection, ie is it using the same protocol, is it trying to start an already started connection etc. Though I could not find documentation for your modem I suspect that this is what the firewall setting does.

Outbound protection is rare and difficult to administer on a router except in enterprises. It is usually the function of software on your computer. This will prevent unauthorized programs from connecting to the internet. I highly doubt your router has any such functions.

The summary, turn the firewall setting on unless your connection is exhibiting problems, and do not assume that this takes away the need for a firewall on your computer.

As for the hiding your IP thing, any connection between you and another computer by definition means that the other computer has your public IP address no firewall can prevent that. Some will strip browser headers so that websites cannot see what version of Windows you are running etc.
0
 
rsivanandanCommented:
>>NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This line above seems misleading. Even if we don't have NAT, a firewall would prevent any unsolicited inbound packets, doesn't it?

Cheers,
Rajesh
0
 
wizzardofozCommented:
I agree and so stated in the next line
>This is only part of what a good firewall does
My aim was to explain why people say that the NAT provides some protection.
0
 
rsivanandanCommented:
Oh okay, I misread wizzard.

Cheers,
Rajesh
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now