How does IP mapping for data transmission over networks work?

You probably know what TCP/IP is: any computer using TCP/IP has a unique IP address by which data, in the form of packets, is sent to and received from other computers. The process of passing data packets from one computer to another by analysing the "routing tables" to reach the destination is known as routing.
A routing table is a database of defined rules that determines the best path for data packets as they travel towards their destination IP address. Routing is performed by a device called a router.
But the IP addresses used for internal or private networks are not registered; they are referred to as local IP addresses. These addresses are used for data transmission within the LAN and are not visible on the internet. For data transmission from the internal network to the internet, the local IP address is mapped to a registered global IP address by Network Address Translation (NAT).
NAT provides security by hiding internal IP addresses, enables the use of more IP addresses without the possibility of IP address conflicts, and makes multiple ISDN (Integrated Services Digital Network) connections appear as a single internet connection. This provides a first line of defence, but because NAT only translates IP addresses, a firewall is usually used in conjunction with a NAT router to provide security against incoming data packets from the internet. The firewall could be software or hardware.

In Some Detail: NAT

NAT is a standard that enables the use of separate sets of IP addresses for internal and external traffic. When connecting to the internet, local IP addresses are translated to global IP addresses on a one-to-one basis (one internal address to one global address) or a many-to-one basis (a group of internal addresses to one global address). NAT can be used by a computer, a router, or a firewall.
NAT has several forms, such as static, dynamic, overloading and overlapping. Static NAT translates any unregistered local IP address on a one-to-one basis to a registered global IP address. The Internet Assigned Numbers Authority (IANA) has reserved three blocks of the IP address space for private networks:
10.0.0.0-10.255.255.255 (24-bit block)
172.16.0.0-172.31.255.255 (20-bit block)
192.168.0.0-192.168.255.255 (16-bit block)
Any enterprise can use such IP addresses, and these will be unique within that enterprise. When the enterprise needs to connect to the net, it needs to get a unique global/public IP address from the internet registry. That public address will never be assigned from the three blocks reserved for private networks.
As an example, 192.168.21.14 will be translated as 212.15.48.105 and used for external traffic. Dynamic NAT translates any local unregistered IP address to a registered global IP address from a group or range of global IP addresses. For example, 192.168.21.14 will be translated to any of the global IP addresses ranging from 212.15.148.105 to 212.15.148.120.
In the case of overloading, each IP address on the private network is translated to a registered IP address, but with a different port number. The internal IP might be in use by any other network.
In some cases, the internal IP range might be a registered range in use by another network. Here the NAT translates addresses to avoid potential conflicts. This is called overlapping. It can be done by using static NAT, or by using DNS or dynamic NAT.
Firewalls are intrusion protection systems that prevent packets from unsecured, unknown or unauthorised locations from coming in. Firewalls can be software or hardware. We have a good number of tutorials about firewalls, but still: a NAT router offers packet-filtering firewalls (hardware firewalls). These examine the source IP address and port to determine whether the packet is to be accepted or dropped.

Hardware Firewall

On a hardware firewall, user-created or predefined rules about packets to be blocked from specific TCP/IP ports are configured. The firewall uses a technique called packet filtering, by which it examines the header of incoming packets to determine their source and destination. It then determines whether to accept the packet or exclude it.
With a hardware firewall, only incoming traffic is restricted, not outgoing traffic. So a malicious program such as a keylogger, which has already entered the network and is concealed as a safe program, can send information to its destination.
Also, at times, routing through the router is blocked, and peer-to-peer activity on the network is not possible if the private network uses a NAT-enabled router.
There is a debate about whether NAT will be necessary, whether it will provide better security, and so on, when IPv6 is implemented. The debate goes on.
