Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	When networks fail, hams to the rescue
•	Alliance to promote Windows-managed Macs in enterprise
•	Lockheed Martin gets $89 million to converge DoD distribution networks
•	Clothes don't make this man: Sweatshirt helps nail Citibank card scammer
•	Microsoft readies new try for Yahoo
•	Gartner: Seven cloud-computing security risks
•	Autonomy, Endeca rate among top enterprise search vendors
•	Barracuda countersues Trend Micro in patent case
•	Mozilla's Firefox 3 sets geeky world record
•	Microsoft SharePoint popularity comes with issues
•	IBM mainframe acquisition raises antitrust concerns
•	Diary of a deliberately spammed housewife
•	Report: Tech giants forming 'patent troll' alliance
•	Trojan lurks, waiting to steal admin passwords
•	California enacts cell-phone driving ban
•	More breaking news

Security /

Why require stateful inspection?

Advertisement:

By James Gaskin
Network World, 06/10/02

Isn't network address translation (NAT) security in your SOHO router enough? Not anymore. NAT does a good job controlling addresses, especially when networks have multiple address ranges to manage or not enough addresses to go around. Security improves with NAT because internal IP addresses can't be seen from the outside, making them invisible to hackers.

Yet, NAT breaks some applications. FTP clients and VPN connections often have trouble, for example. And some peer-to-peer protocols and H.323 for videoconferencing require special NAT configuration to work properly. Another problem arises when connecting two networks via VPN and both ends rely on NAT to convert overlapping addresses, such as when both networks use the popular internal 10.0.0.0 network address range.

Advertisement:

Stateful inspection goes an extra step beyond IP filtering firewalls, which automatically leave open certain port numbers for common protocols such as FTP, by forcing incoming FTP packets to match outgoing packets Stateful inspection filters track outgoing packets requesting return packets, such as FTP requests, and allow only incoming packets responding to valid requests.

Don't disable NAT, because you still get benefits through network address translation. Just don't assume using NAT today closes all your security holes.

Back to review: Secure SOHO routers

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.

Click Here

alt text

Click Here

HOME

RESEARCH CENTERS

NEWS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.