Examine the security measures subnetting, NAT and ACL. Identify the security principles incorporated in creating these defence measures. Explain it as a scenario.
Briefly explain how Dynamic NAT is more effective than Static NAT.
Subnetting
Subnetting is the process of dividing a network into two or more smaller networks.
It improves routing efficiency, gives administrators finer control over network management and improves security, because traffic between subnets has to pass through a router or firewall where it can be filtered and logged.
Security Measures
1. A large network is divided into separate logical networks, grouping devices into protected subnets. Each protected subnet must be secured by an MSSEI (Minimum Security Standards for Electronic Information) managed firewall that segregates the covered devices from the public internet and from networks hosting non-covered devices.
2. The managed firewall and the other networking devices (routers, switches, etc.) that secure a protected subnet must themselves be protected from physical tampering.
3. Wireless routers must not be physically attached to any data port on the protected subnet, including ports on the networking devices (firewalls, routers, switches, etc.) connected to the protected subnet.
4. Covered devices connected to the protected subnet must not be simultaneously connected to a wireless network.
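The scenario behind rules 1 to 4, as an added example that is not part of the original answer: a campus block is carved into /24 protected subnets, a flow is classified by whether it has to cross the subnet boundary (and therefore the managed firewall), and a device is flagged when it holds an address on a protected subnet and on the wireless network at the same time. The address ranges 10.20.0.0/16 and 10.30.0.0/22 are assumed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the original answer):
# one campus block carved into /24 protected subnets, plus a separate
# wireless range that never overlaps the protected subnets.
CAMPUS = ipaddress.ip_network("10.20.0.0/16")
WIRELESS = ipaddress.ip_network("10.30.0.0/22")


def carve_subnets(network, new_prefix):
    """Split a network into equal-sized subnets with the given prefix length."""
    return list(ipaddress.ip_network(network).subnets(new_prefix=new_prefix))


def usable_hosts(net):
    """Hosts assignable in an IPv4 subnet (network and broadcast excluded)."""
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses


def subnet_of(address, subnets):
    """Return the subnet containing address, or None if it lies in none of them."""
    addr = ipaddress.ip_address(address)
    for net in subnets:
        if addr in net:
            return net
    return None


def crosses_firewall(src, dst, subnets):
    """True when a flow between src and dst leaves its subnet and therefore
    must traverse the router/managed firewall guarding the subnet boundary."""
    return subnet_of(src, subnets) != subnet_of(dst, subnets)


def dual_homed_violation(device_addresses, protected_subnets, wireless=WIRELESS):
    """Rule 4: a covered device holding an address in a protected subnet
    must not simultaneously hold an address on the wireless network."""
    on_protected = any(subnet_of(a, protected_subnets) is not None
                       for a in device_addresses)
    on_wireless = any(ipaddress.ip_address(a) in wireless
                      for a in device_addresses)
    return on_protected and on_wireless


if __name__ == "__main__":
    protected = carve_subnets(CAMPUS, 24)
    print(len(protected), "protected subnets of", usable_hosts(protected[0]), "hosts each")
    print("10.20.5.17 -> 10.20.9.1 crosses the firewall:",
          crosses_firewall("10.20.5.17", "10.20.9.1", protected))
    print("laptop on the wire and on Wi-Fi violates rule 4:",
          dual_homed_violation(["10.20.5.17", "10.30.1.9"], protected))
```

Two hosts in the same /24 talk to each other without any filtering, which is why the subnet boundary, not the individual host, is where the managed firewall is placed.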
NAT
Routers, firewalls and wireless access points use Network Address Translation (NAT) to let many systems on a private network communicate with the internet through a single public IP address (or a small pool of them).
Security Measures
1. Logging on NAT devices must be enabled and detailed enough to identify the specific internal host behind a translation when responding to a security incident. Because such devices have limited flash storage, this usually means offloading logs to a secondary system, e.g. a syslog server, especially when many hosts share one NAT device.
2. Access to the NAT device must be restricted to known hosts, and NAT device administrators must have a mechanism in place to uniquely identify the hosts behind it.
ACL
Access control lists (ACLs) perform packet filtering to control the movement of packets through a network. Packet filtering provides security by limiting the traffic admitted into a network, restricting which users and devices can reach a network, and preventing unwanted traffic from leaving it.
ACLs reduce the chance of spoofing and denial-of-service (DoS) attacks (an anti-spoofing rule, for example, drops inbound packets whose source address belongs to the internal range), and they can allow dynamic, temporary user access through the firewall.
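An inbound ACL evaluated the way a router does it, as an added example that is not part of the original answer: rules are checked top-down, the first match decides, and anything left over hits the implicit deny. The internal range 10.20.0.0/16 and the public web server address 203.0.113.10 are assumed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed internal address space (not from the original answer).
INTERNAL = "10.20.0.0/16"


@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # CIDR; "0.0.0.0/0" means any source
    dst: str                     # CIDR; "0.0.0.0/0" means any destination
    dport: Optional[int] = None  # None matches any destination port
    note: str = ""


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule, pkt):
    """A rule matches when protocol, source, destination and port all agree."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl, pkt):
    """Router-style evaluation: first matching rule wins; a packet that
    matches nothing falls through to the implicit deny at the end."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action, rule.note
    return "deny", "implicit deny"


# Constructed inbound ACL for the internet-facing interface.
INBOUND_ACL = [
    # Anti-spoofing: nothing arriving from the internet may claim an internal source.
    Rule("deny", "any", INTERNAL, "0.0.0.0/0", note="spoofed internal source"),
    Rule("deny", "any", "127.0.0.0/8", "0.0.0.0/0", note="spoofed loopback source"),
    # Only HTTPS to the published web server is admitted.
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443, note="public web server"),
    # Everything else falls through to the implicit deny.
]


def check(pkt):
    """Convenience wrapper returning just the verdict for the inbound ACL."""
    return evaluate(INBOUND_ACL, pkt)[0]


if __name__ == "__main__":
    for p in (Packet("tcp", "198.51.100.7", "203.0.113.10", 443),
              Packet("tcp", "198.51.100.7", "203.0.113.10", 22),
              Packet("tcp", "10.20.5.17", "203.0.113.10", 443)):
        print(p.proto, p.src, "->", p.dst, p.dport, evaluate(INBOUND_ACL, p))
```

Rule order matters: the anti-spoofing denies sit above the permit so that a packet forging an internal source address can never reach the permit line, and the implicit deny at the end is what makes the list a default-deny filter rather than a blocklist.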
Dynamic NAT compared with Static NAT (Network Address Translation)
Static NAT maps a single internal IP address to a single public IP address permanently.
For example, if you have 1000 devices you need to create 1000 static entries in the address translation table. Static translation is typically used for inside resources that outside users need to reach, such as a public web server.
Dynamic NAT maps internal addresses to a pool of public IP addresses, assigning them on a first-come, first-served basis, so a pool smaller than the number of inside hosts is enough as long as not all of them are active at the same time.
Dynamic NAT is used when inside users want to access external resources. When an inside user sends traffic through the address translation device (e.g. a router), the device examines the source IP address and compares it with the inside local address pool. If it finds a match, it determines which inside global address from the pool should be used for the translation and records the mapping in its translation table; the mapping is released again when the session ends or times out.
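A toy NAT device that shows both translation styles side by side, as an added example that is not part of the original answer: a permanent static entry for a published server, a first-come, first-served dynamic pool for inside hosts reaching out (including what happens when the pool is exhausted and when a mapping is released), and the translation log that the NAT logging measure above calls for, so an incident responder can answer "which inside host was behind this public address?" even after the mapping is gone. The ranges 10.20.0.0/16 and 203.0.113.0/24 are assumed for illustration.

```python
import ipaddress


class NatDevice:
    """Constructed address-translation device (assumption, not from the original
    answer): static mappings for published servers, a dynamic pool handed out
    first come, first served, and a log of every translation event."""

    def __init__(self, inside_network, dynamic_pool, static=None):
        self.inside = ipaddress.ip_network(inside_network)
        self.free = [ipaddress.ip_address(a) for a in dynamic_pool]
        self.static = {ipaddress.ip_address(k): ipaddress.ip_address(v)
                       for k, v in (static or {}).items()}
        self.table = {}   # inside local -> inside global (dynamic entries only)
        self.log = []     # what would be shipped to the syslog server

    def translate(self, inside_local, t=0):
        """Return the inside global address for an outbound packet, or None if dropped."""
        src = ipaddress.ip_address(inside_local)
        if src in self.static:                     # static entry: always the same address
            return self.static[src]
        if src not in self.inside:                 # not ours to translate
            self.log.append(f"t={t} DROP {src}: source not in inside local range")
            return None
        if src in self.table:                      # existing dynamic session
            return self.table[src]
        if not self.free:                          # pool exhausted: dynamic NAT's failure mode
            self.log.append(f"t={t} DROP {src}: dynamic pool exhausted")
            return None
        glob = self.free.pop(0)                    # first come, first served
        self.table[src] = glob
        self.log.append(f"t={t} NAT {src} -> {glob}")
        return glob

    def release(self, inside_local, t=0):
        """Session ended or timed out: return the global address to the pool."""
        src = ipaddress.ip_address(inside_local)
        glob = self.table.pop(src, None)
        if glob is not None:
            self.free.append(glob)
            self.log.append(f"t={t} RELEASE {src} -> {glob}")

    def who_was(self, inside_global):
        """Incident response: the inside host most recently behind this public
        address. Answered from the log, so it works after the mapping was released."""
        target = str(ipaddress.ip_address(inside_global))
        for local, glob in self.static.items():
            if str(glob) == target:
                return str(local)
        hits = [line for line in self.log
                if " NAT " in line and line.endswith(f"-> {target}")]
        if not hits:
            return None
        return hits[-1].split(" NAT ")[1].split(" -> ")[0]


if __name__ == "__main__":
    nat = NatDevice("10.20.0.0/16", ["203.0.113.20", "203.0.113.21"],
                    static={"10.20.5.10": "203.0.113.10"})
    for t, host in enumerate(["10.20.5.10", "10.20.5.17", "10.20.5.18", "10.20.5.19"]):
        print(host, "->", nat.translate(host, t))
    nat.release("10.20.5.17", t=5)
    print("10.20.5.19 ->", nat.translate("10.20.5.19", t=6))
    print("behind 203.0.113.20 most recently:", nat.who_was("203.0.113.20"))
    print("\n".join(nat.log))
```

The two-address pool serves three inside hosts only because one of them gives its address back; without the release the third host is dropped, which is the trade-off dynamic NAT makes for needing far fewer public addresses than static NAT. The log is what lets an incident responder attribute a public address back to an inside host after the fact, which is the point of the NAT logging measure above.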