Lesson 6
Securing NAT Designs Conclusion
This module introduced you to the process of securing and enhancing NAT designs for availability.
It began by detailing the strategies available for securing a NAT solution. It then illustrated the methods of allowing access using address pools and special ports. Finally, it listed the design options that improve NAT security using VPN.
By now, you should know how to employ the following options to enhance the security of a NAT solution:
- Restrict Internet traffic using IP filters
- Allow access to private network resources using address pools and special ports
- Enhance NAT security with VPN connections
- Enhance a NAT design for availability and performance
NAT Glossary Terms
Here is a list of terms used in this module that may be new to you:
- ISO: ISO is an independent, non-governmental international organization with a membership of 162 national standards bodies.
- L2TP: In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy.
- PPTP: The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks, with many known security issues. PPTP uses a TCP control channel and a GRE tunnel to encapsulate PPP packets.
- Packet Filtering: Also referred to as static packet filtering. Controlling access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP addresses of the source and destination. Packet filtering is one technique, among many, for implementing security firewalls.
- Port: A network port is a process-specific or an application-specific software construct serving as a communication endpoint, which is used by the Transport Layer protocols of the Internet Protocol suite, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).
- IPsec: In computing, Internet Protocol Security (IPsec) is a network protocol suite that authenticates and encrypts the packets of data sent over a network. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to use during the session.
- MMC: Microsoft Management Console (MMC) is an extensible common presentation service for management applications. MMC is included in the Windows 2000 operating system.
In the next module, you will learn how to design a functional Proxy Server solution.