Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Double NATting

Double NATting 12 years 2 months ago #14309

  • beexo
  • beexo's Avatar Topic Author
  • Offline
  • Frequent Member
  • Frequent Member
  • Posts: 78
  • Thank you received: 0
Does double natting make any sence as far as security is concerned?

I know that it will make some configurations harder, such as VPN, or to allow incoming traffic to a DMZ. But aside from this, is it worth it?

Re: Double NATting 12 years 2 months ago #14312

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
If are not running any publically accessible services from inside your network, double natting may have some value in that an attacker would need to breach two layers of security. However, if you are opening ports up to the public, any vulnerabilities introduced as a result of the internal servers running on those ports will still be present.

Re: Double NATting 12 years 2 months ago #14313

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 613
  • Thank you received: 0
NAT was not designed for security, some security benefits come as a side-effect but they should not be overestimated and NAT should never be used in place of filtering! NAT offers no security advantages over a default-deny policy firewall in place, the opposite occurs.

Adding multiple NAT gateways one right after the other, would offer no real security benefits since NAT is a transparent technology. Like Dalight said, if an attacker manages to get access to your intranet through a NAT gateway, multiple NAT gateways wouldn't make any difference, as effectively the same resources would be available to him in both cases. It could make some difference if the attacker was to gain access to the outer gateway, since he still wouldn't be able to contact the LAN hosts directly, however well configured routers are invisible and almost impossible to break into in the first place!

So if you want to improve security, your first choise should be to set a firewall with a sensible default-deny policy instead.
  • Page:
  • 1
Time to create page: 0.141 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup