Prof. Avishai Wool
Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam.
Tags
Share this article
11/26/13
Published
NAT Network Security
I came across some discussions regarding Network Address Translation (NAT) and its impact on security and the network. Specifically the premise that “NAT does not add any real security to a network while it breaks almost any good concepts of a structured network design” is what I’d like to address.
When it comes to security, yes, NAT is a very poor protection mechanism and can be circumvented in many ways. It causes headaches to network administrators. So now that we’ve quickly summarized all that’s bad about NAT, let’s address the realization that most organizations use NAT because they HAVE to, not because it’s so wonderful. The alternative to using NAT has a prohibitive cost and is possibly impossible.
To dig into what I mean, let’s walk through the following scenario… Imagine you have N devices in your network that need an IP address (every computer, printer, tablet, smartphone, IP phone, etc. that belongs to your organization and its guests). Without NAT you would have to purchase N routable IP addresses from your ISP. The costs would skyrocket! At AlgoSec we run a 120+ employee company in numerous countries around the globe. We probably use 1000 IP addresses. We pay for maybe 3 routable IP addresses and NAT away the rest. Without NAT the operational cost of our IP infrastructure would go up by a factor of x300.
NAT Security
With regards to NAT’s impact on security, just because NAT is no replacement for a proper firewall doesn’t mean it’s useless. Locking your front door also provides very low-grade security – people still do it, since it’s a lot better than not locking your front door.
Related Articles
Unleash the Power of Application-Level Visibility: Your Secret Weapon for Conquering Cloud Chaos
Cloud Security
Mar 19, 2023 · 2 min read
Securing the Future: A Candid Chat with Ava Chawla, Director of cloud security at AlgoSec