Solved

Is NAT only acceptable as a firewall setting

Posted on 2009-05-03
9
2,587 Views
Last Modified: 2013-12-14
I have a newly setup Actiontec M1000 ADSL modem for use with DSL service.  The default firewall setting is NAT only.  Is that acceptable for security purposes?  Would configuring it with both a high level firewall setting and also NAT provide any better security?
0
Comment
Question by:desertratr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 2

Expert Comment

by:thursdasy
ID: 24291850
You should just setup the firewall if it's available on your router. There should be no need for NAT setup on a home router.
0
 
LVL 2

Expert Comment

by:fdduran
ID: 24291944
An unconfigured NAT usually blocks all connections from the internet to your computers behind the router. That gives plenty of security to all computers behind it from attacks coming from outside, however it does not block connections from your network to the internet, of from your network to your network. In other words it does  not protect your computers from each other and does not guarantee that a previously infected computer be unable to contact its overlord.

@thursdasy: Every IP Router implements NAT, home routers too, otherwise they wouldn't be routers.
0
 
LVL 7

Expert Comment

by:tankergoblin
ID: 24292093
NAT is Network Address Translation.

NAT  improve security by reusing IP addresses.
It prevent shortage of IP address.

When any PC use an unregistered IP address then NAT needed to communicate with rest of the world.

NAT can also do

- Static NAT/Port forward
- Dynamic NAT
- Overloading/PAT
- Overlapping


0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 7

Expert Comment

by:tankergoblin
ID: 24292119
You can take telecommunication as an example where

in your office you have a office telephone number with extension. No outsider knows your extension number but only know your main office number. When some one is looking for you  an operator will check on the routing table. If the name and extension is match, then the call will be establish.

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24292468
Somehow it does get echoed that NAT is for security. NAT was never meant for security and does provide no security by hiding the ip address as well. NAT is available for all the routers so that you can change to a public ip when you're on internet.

So do not consider NAT for security. Even if you NAT, the other party can identify your true ip address with the latest of browsers and technologies available now, unless you're paranoid and pretty much tighten up all the security.

Another way to look at it, say you have 10.1.1.1 and you NAT it to 100.1.1.1, still anything that contacts 100.1.1.1 goes to 10.1.1.1 and NAT has no functionality to prevent it. It is the firewall's other mechanism's (like access-lists) that blocks/allows connections and NAT by itself doesn't do anything other than converting the ip to and fro.

Hope that explains.

Cheers,
Rajesh
0
 
LVL 4

Accepted Solution

by:
wizzardofoz earned 500 total points
ID: 24292846
NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This is only part of what a good firewall does, things like Stateful Packet Inspection(SPI) go further by checking whether the incoming packet makes sense for the current connection, ie is it using the same protocol, is it trying to start an already started connection etc. Though I could not find documentation for your modem I suspect that this is what the firewall setting does.

Outbound protection is rare and difficult to administer on a router except in enterprises. It is usually the function of software on your computer. This will prevent unauthorized programs from connecting to the internet. I highly doubt your router has any such functions.

The summary, turn the firewall setting on unless your connection is exhibiting problems, and do not assume that this takes away the need for a firewall on your computer.

As for the hiding your IP thing, any connection between you and another computer by definition means that the other computer has your public IP address no firewall can prevent that. Some will strip browser headers so that websites cannot see what version of Windows you are running etc.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24293262
>>NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This line above seems misleading. Even if we don't have NAT, a firewall would prevent any unsolicited inbound packets, doesn't it?

Cheers,
Rajesh
0
 
LVL 4

Expert Comment

by:wizzardofoz
ID: 24294249
I agree and so stated in the next line
>This is only part of what a good firewall does
My aim was to explain why people say that the NAT provides some protection.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24295514
Oh okay, I misread wizzard.

Cheers,
Rajesh
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question