Page 903 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 903
Network Address Translation
The goals of hiding the identity of internal clients, masking the design
of your private network, and keeping public IP address leasing costs to
a minimum are all simple to achieve through the use of network
address translation (NAT). NAT is a mechanism for converting the
internal IP addresses found in packet headers into public IP addresses
for transmission over the internet.
NAT was developed to allow private networks to use any IP address set
without causing collisions or conflicts with public internet hosts with
the same IP addresses. In effect, NAT translates the IP addresses of
your internal clients to leased addresses outside your environment.
NAT offers numerous benefits, including the following:
You can connect an entire network to the internet using only a
single (or just a few) leased public IP addresses.
You can use the private IP addresses defined in RFC 1918 in a
private network and still be able to communicate with the internet.
NAT hides the IP addressing scheme and network topography from
the internet.
NAT restricts connections so that only traffic stemming from
connections originating from the internal protected network is
allowed back into the network from the internet. Thus, most
intrusion attacks are automatically repelled.
Are You Using NAT?
Most networks, whether at an office or at home, employ NAT.
There are at least three ways to tell whether you are working within
a NATed network:
1. Check your client’s IP address. If it is one of the RFC 1918
addresses and you are still able to interact with the internet,
