Solved

Is NAT only acceptable as a firewall setting

Posted on 2009-05-03
Last Modified: 2013-12-14
I have a newly set up Actiontec M1000 ADSL modem for use with DSL service. The default firewall setting is NAT only. Is that acceptable for security purposes? Would configuring it with both a high-level firewall setting and also NAT provide any better security?
Question by:desertratr
9 Comments
 
LVL 2

Expert Comment

by:thursdasy
ID: 24291850
You should just set up the firewall if it's available on your router. There should be no need for NAT setup on a home router.
0
 
LVL 2

Expert Comment

by:fdduran
ID: 24291944
An unconfigured NAT usually blocks all connections from the internet to your computers behind the router. That gives plenty of security to all computers behind it from attacks coming from outside; however, it does not block connections from your network to the internet, or from your network to your network. In other words, it does not protect your computers from each other and does not guarantee that a previously infected computer will be unable to contact its overlord.

@thursdasy: Every IP Router implements NAT, home routers too, otherwise they wouldn't be routers.
0
 
LVL 7

Expert Comment

by:tankergoblin
ID: 24292093
NAT is Network Address Translation.

NAT improves security by reusing IP addresses.
It prevents a shortage of IP addresses.

When any PC uses an unregistered IP address, NAT is needed to communicate with the rest of the world.

NAT can also do:

- Static NAT/Port forward
- Dynamic NAT
- Overloading/PAT
- Overlapping


0
 
LVL 7

Expert Comment

by:tankergoblin
ID: 24292119
You can take telecommunication as an example:

In your office you have an office telephone number with an extension. No outsider knows your extension number; they only know your main office number. When someone is looking for you, an operator will check the routing table. If the name and extension match, then the call will be established.

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24292468
Somehow it does get echoed that NAT is for security. NAT was never meant for security and provides no security by hiding the IP address either. NAT is available on all routers so that you can change to a public IP when you're on the internet.

So do not consider NAT for security. Even if you NAT, the other party can identify your true IP address with the latest browsers and technologies available now, unless you're paranoid and pretty much tighten up all the security.

Another way to look at it: say you have 10.1.1.1 and you NAT it to 100.1.1.1. Anything that contacts 100.1.1.1 still goes to 10.1.1.1, and NAT has no functionality to prevent it. It is the firewall's other mechanisms (like access lists) that block/allow connections, and NAT by itself doesn't do anything other than converting the IP to and fro.

Hope that explains.

Cheers,
Rajesh
0
 
LVL 4

Accepted Solution

by:
wizzardofoz earned 500 total points
ID: 24292846
NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This is only part of what a good firewall does. Things like Stateful Packet Inspection (SPI) go further by checking whether the incoming packet makes sense for the current connection, i.e. is it using the same protocol, is it trying to start an already started connection, etc. Though I could not find documentation for your modem, I suspect that this is what the firewall setting does.

Outbound protection is rare and difficult to administer on a router except in enterprises. It is usually the function of software on your computer. This will prevent unauthorized programs from connecting to the internet. I highly doubt your router has any such functions.

The summary: turn the firewall setting on unless your connection is exhibiting problems, and do not assume that this takes away the need for a firewall on your computer.

As for the hiding your IP thing, any connection between you and another computer by definition means that the other computer has your public IP address; no firewall can prevent that. Some will strip browser headers so that websites cannot see what version of Windows you are running, etc.
0
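
An added example, not part of any poster's answer: a constructed Python model of the behaviours discussed in this thread and in the accepted solution, covering 1:1 static NAT (the 10.1.1.1 / 100.1.1.1 case), overloading/PAT, and a stateful check that an inbound packet fits its connection. All class and function names are hypothetical, the PAT model assumes the device forwards on the port mapping alone, and the peer addresses are documentation ranges.

```python
STATIC_NAT = {"100.1.1.1": "10.1.1.1"}      # constructed 1:1 map, thread's addresses

def static_nat_inbound(dst_ip):
    """Static NAT only rewrites the address; nothing is ever 'unsolicited'."""
    return STATIC_NAT.get(dst_ip)

class Napt:
    """Overloading/PAT, assumed to forward on the port mapping alone."""
    def __init__(self):
        self.mappings, self.next_port = {}, 40000   # public port -> private endpoint
    def outbound(self, priv_ip, priv_port):
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[pub_port] = (priv_ip, priv_port)
        return pub_port

    def inbound(self, pub_port):
        return self.mappings.get(pub_port)   # None: no host to forward to, dropped

class StatefulFilter:
    """Tracks each flow and checks that an inbound packet fits its state."""
    def __init__(self):
        self.flows = {}                      # (pub port, remote ip, remote port) -> state
    def outbound_syn(self, pub_port, remote_ip, remote_port):
        self.flows[(pub_port, remote_ip, remote_port)] = "SYN_SENT"

    def inbound(self, pub_port, remote_ip, remote_port, flags):
        key = (pub_port, remote_ip, remote_port)
        state = self.flows.get(key)
        if state is None:
            return False                     # no outgoing connection to this peer
        if state == "SYN_SENT":              # only the handshake reply fits here
            if flags == {"SYN", "ACK"}:
                self.flows[key] = "ESTABLISHED"
            return flags == {"SYN", "ACK"}
        return "SYN" not in flags            # a SYN cannot restart a live connection

def demo():
    nat, fw = Napt(), StatefulFilter()
    port = nat.outbound("10.1.1.1", 51000)   # inside host opens a connection
    fw.outbound_syn(port, "203.0.113.5", 443)
    return {
        "static_unsolicited": static_nat_inbound("100.1.1.1"),
        "napt_unmapped_port": nat.inbound(12345),
        "napt_mapped_port_any_peer": nat.inbound(port),
        "fw_other_peer": fw.inbound(port, "198.51.100.9", 443, {"SYN"}),
        "fw_syn_ack": fw.inbound(port, "203.0.113.5", 443, {"SYN", "ACK"}),
        "fw_syn_on_established": fw.inbound(port, "203.0.113.5", 443, {"SYN"}),
    }
```

Calling `demo()` returns one result per case: the static mapping forwards the unsolicited packet, PAT drops only what has no mapping, and the stateful filter additionally rejects the wrong peer and a repeated SYN.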
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24293262
>>NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This line above seems misleading. Even if we don't have NAT, a firewall would prevent any unsolicited inbound packets, wouldn't it?

Cheers,
Rajesh
0
 
LVL 4

Expert Comment

by:wizzardofoz
ID: 24294249
I agree and so stated in the next line
>This is only part of what a good firewall does
My aim was to explain why people say that the NAT provides some protection.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 24295514
Oh okay, I misread wizzard.

Cheers,
Rajesh
0
