What is Network Address Translation and its Types?

Blog / What is Network Address Translation and its Types?

What is Network Address Translation and its Types?

In cybersecurity, how much malicious actors know about you and your company can often determine how successful their cyber attacks will be. One of the most important tasks of the hacking process is reconnaissance, where threat actors learn all about their victim in order to determine optimal targets and uncover vulnerabilities in their network and system. 

With cyber attacks on the rise, going up by 62% globally since 2019, it would seem wise for a company to try to control how much information may exist about them in the public sphere and manage how exposed they are on the internet. 

One old staple that comes up fairly often is Network Address Translation (NAT), but what is it and is it as effective as many are led to believe? 

How Network Address Translation works? 

To access the internet, your device needs an Internet Protocol (IP) address. An IP address, as the name may suggest, identifies and differentiates devices using the internet, which is very important for Transmission Control Protocol/Internet Protocol (TCP/IP), a suite of protocols, rules that computers operate on when communicating with each other on a network. 

However, we can use an IP address in our private network that differs from the public IP address sent over across the internet that anyone can see. 

This is where Network Address Translation (NAT). Network Address Translation is a way to remap IP addresses in a space. It allows you to modify the network address information in the packet heads of an Internet Protocol IP datagram packet as they pass through a NAT router. 

Essentially, the router reads the layer 3 information of the packet and modifies the source or destination IP address given the set net procedure.  

The basic premise of NAT is that it gives us an additional layer of security by shielding the real IP addresses in the company network from being exposed to the outside world across the internet by supplying another, corresponding one in its place.  

How is NAT used? 

NAT can be used in a variety of ways, the most common configuration types being:  

  • Static Mapping, where there’s one-to-one mapping between one IP address and another. Typically, a private/internal address is mapped to a public-facing/external address, every time the NAT substituting the former with the latter before it forwards it on to its destination.  
  • Dynamic NAT utilises a select pool of IP addresses, dynamically mapping each of them to an incoming packet typically from the fixed number of computers allowed to access the internet in an organisation. Although, this is quite costly for an organisation as they have to buy a pool of public IPs. 
  • Static NAT Overloading, also known as Port Address Translation. This is where local IP addresses in an organisation’s private network are converted to a single external/public IP address that represents the entire organisation when they’re sent over the internet. Essentially, hundreds or thousands of users sharing a public IP.  

Static NAT Overloading is one of the most common configurations that organisations employ.  

The reason communication is maintained going in and out of the organisation despite only having a public IP being shared out between users in the organisation is because NAT, for each IP it maps, assigns a unique, identifying layer for source or destination port numbers and maintains a database to keep track of all IPs and port mapping. 

NAT is also commonly used for servers, acting as an intermediary between users accessing them across the world and the protected internal network. A benefit of this is that extra rules can be put in place, such as which ports can be accessed by an IP passing through the firewall from the outside.

Advantages of NAT 

While NAT isn’t considered a particularly strong defence against malicious actors and it can cause issues with applications, it is still a cost-effective, relatively effective means as a first layer of defence against those who want to break into a company’s system.  

The main advantages of NAT are that: 

  • It can provide an extra layer of security by hiding the original source and destination IP addresses. 
  • Provides stricter control of user access on both sides of firewall 
  • It can enhance the reliability and flexibility of connections to the public internet by deploying multiple source pools, load balancing pools, as well as backup pools. 
  • It allows you to use your own private Internet Protocol version 4 (IPv4) addressing system, preventing internal address alterations when there’s a change of service provider. 
  • It also helps with IPv4 exhaustion, helping prevent the depletion of IPv4 addresses, as an infrastructural benefit. 

Disadvantages of NAT 

Of course, NAT can have a number of disadvantages as well, including: 

  • Providing only minimal protection for stateful NAT host inbound attacks, as threat actors readily account for NAT these days. 
  • Lack of security for stateless NAT hosts and stateful NAT host outbound attacks. 
  • As NAT only changes IP in header, web-based functions that include IPs in the body of the message can have problems working through NAT, such as applications that depend on H.323 and Session Initiation Protocol (SIP). 
  • To solve this problem, you can bypass the router but this creates security holes with NAT. 
  • NAT can cause loss of traceability with end-device to end-device IP addresses. 
  • Being quite basic, with no real tools to respond to a cyber attack

To top it off, as the world moves from Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6), a more enhanced version of the protocol which launched worldwide in 2012, NAT remains unavailable to IPv6 hosts and, thus, can’t offer any protection. 

Is NAT enough for modern cybersecurity? 

Due to its disadvantages and somewhat limited advantages, NAT is always considered an additional layer of security as opposed to a main, cybersecurity strategy, especially since a number of hacker tools already account for organisations having it and have ways to readily bypass it. 

With cyber attacks growing in sophistication and impact, it’s important for organisations to have robust, up-to-date security that incorporates a variety of function safeguards as well as cybersecurity policies and procedures to defend themselves against threat actors. 

One of the best ways to help do this is with Securiwiser. 

Securiwiser is a security monitoring tool that flags up vulnerabilities and exploits in real-time, presenting them in an easy-to-read dashboard, all the while evaluating your company's cybersecurity posture and giving it a cubit score. It checks your cloud and network security, how much information exists about your company online, including the dark web, misconfigurations, strange port activity, and much, much more. 

Give yourself a free scan today! 

How secure is

your business?

Security test
How secure is

your business?

Security test