Page 904 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
then you are on a NATed network.
2. Check the configuration of your proxy, router, firewall, modem,
or gateway device to see whether NAT is configured. (This
action requires authority and access to the networking device.)
3. If your client’s IP address is not an RFC 1918 address, then
compare your address to what the internet thinks your address
is. You can do this by visiting any of the IP-checking websites; a
popular one is http://whatismyipaddress.com. If your client’s
IP address and the address that What Is My IP Address claims
is your address are different, then you are working from a
NATed network.
Frequently, security professionals refer to NAT when they
really mean PAT. By definition, NAT maps one internal IP address
to one external IP address. However, port address translation
(PAT) maps one internal IP address to an external IP address and
port number combination. Thus, PAT can theoretically support
65,536 (2^16) simultaneous communications from internal clients
over a single external leased IP address. So with NAT, you must
lease as many public IP addresses as you want to have for
simultaneous communications, while with PAT you can lease fewer
IP addresses and obtain a reasonable 1000:1 ratio of internal
clients to external leased IP addresses. The practical limit seems to
be a ratio of 4,000 internal systems to a single public address.
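
The PAT mapping described above, as an added example that is not from the study guide: a simplified translation table for one external address, showing shared use of that address, reply translation, and port-pool exhaustion. The class name, default port range, and addresses are assumptions for illustration; real devices also track protocol, destination, and timeouts.

```python
class PatTable:
    """Simplified PAT state table for a single external IP (illustrative only)."""

    def __init__(self, external_ip, port_range=range(1024, 65536)):
        # Assumption: ports below 1024 are not handed out to translated flows.
        self.external_ip = external_ip
        self.free_ports = list(port_range)  # pool of external source ports
        self.out = {}    # (internal_ip, internal_port) -> external_port
        self.back = {}   # external_port -> (internal_ip, internal_port)

    def translate_outbound(self, internal_ip, internal_port):
        """Return the (external_ip, external_port) this flow is rewritten to."""
        key = (internal_ip, internal_port)
        if key not in self.out:
            if not self.free_ports:
                raise RuntimeError("PAT port pool exhausted")
            port = self.free_ports.pop(0)
            self.out[key] = port
            self.back[port] = key
        return self.external_ip, self.out[key]

    def translate_inbound(self, external_port):
        """Map a reply to its internal socket; None means no mapping exists (drop)."""
        return self.back.get(external_port)

    def release(self, internal_ip, internal_port):
        """Free the external port when the flow ends."""
        port = self.out.pop((internal_ip, internal_port), None)
        if port is not None:
            del self.back[port]
            self.free_ports.append(port)


def demo():
    # Constructed sample: 203.0.113.10 is a documentation address (RFC 5737),
    # and the pool is shrunk to three ports so exhaustion is visible.
    pat = PatTable("203.0.113.10", port_range=range(40000, 40003))
    a = pat.translate_outbound("192.168.1.10", 51000)
    b = pat.translate_outbound("192.168.1.11", 51000)  # same source port, other host
    again = pat.translate_outbound("192.168.1.10", 51000)  # existing mapping reused
    reply = pat.translate_inbound(b[1])          # reply reaches the right client
    unsolicited = pat.translate_inbound(40002)   # no outbound flow created this port
    pat.translate_outbound("192.168.1.12", 51000)  # takes the last free port
    try:
        pat.translate_outbound("192.168.1.13", 51000)
        exhausted = False
    except RuntimeError:
        exhausted = True
    return a, b, again, reply, unsolicited, exhausted
```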
NAT is part of a number of hardware devices and software products,
including firewalls, routers, gateways, and proxies. It can be used only
on IP networks and operates at the Network layer (layer 3).
Private IP Addresses
The use of NAT has proliferated recently because of the increased
scarcity of public IP addresses and security concerns. With only
roughly 4 billion addresses (2^32) available in IPv4, the world has

