-
Notifications
You must be signed in to change notification settings - Fork 3
Network Address Translation
Concepts Nat act as a traffic controller in network, translating local ip address into public ip address and vice versa.
It prevent the exhaustion of Ipv4 address by allowing multiple devices to share a single public address. Nat manage communication between devices in a private network and the internet.
Types of Nat
Static Nat:- Each private Ip address is mapped to a specific public Ip address permanently. Suitable for devices requring constant accesibility from the internet. like web servers.
Ensure Reliable and consistent communicate but can be costly due to the one-to-one Ip mapping.
Dynamic Nat:- Shares a pool of IP address among multiple private Ip address.
Address flexibility as private Ip use any avaiable public IP from the pool.
Ideal for orginizations with mov edevices from available public Ips, balancing cost and efficiency.
Allow multiple device in aprivate network is s hare a single Public Ip address. Distinguishes device based on unique soure port numbers, enabling simultaneous communication.
Efficiency utilizes public Ips but can lead to slower speeds it too many devices share the same Ip.
Identify public and private interfaces on network devices.
Specify public and private Ip address and goes of Nat(static, dynamic or Pat)
Apply and verify Nat configuration to ensure correct functionality.
Confirm Nat configuration accuracy, including Ip address and routing tables.
Check routing setting to ensure packets reach their destination.
Use tool like ping or traceroute to track packet path and verify address translation in Nat tables.
Inspect firewall settings for potential conflicts with Nat translation
Analayze log and debug information for error message related to Nat or packet drops.
Nat provides obscurity by hiding private Ip address from external Networks, reducing hacking risks.
It reduces the attack surface by consolidating multiple Ip into a single external Ip.
Creates isolation between internal networks and the internet, enhancing security.
Protect against Ip spoofing attack by verifying source and destination Ip address.
Explanation
In manual Ip assignment you, as the network admininstrator manually configure the Ip address setting for each device on the network.
This includes specifying The ip address, subnet mask, default gateway, and Dns server address
Benefits Provides full control over Ip address allocation allow for specific network configuration tailored to each device needs.
Challenges
time consuming and labor-intensive pronte to human error suc as duplicate IP addresses or incorrect configurations
Use Case:- Suitable for small network with a limited number of device where preceise control over IP addressing in necessary.
Explanation
DHCP automates of assigning Ip address to device on the network when a device connects to a network, it sends a Dhcp request , and the Dhcp server dynamically assign ansca available Ip address along with over network configurations parameters.
Benefits
saves times and efforts by eliminating manual Ip assignment, handle Ip address conflicts supports dynamic allocation IP addresses.
Challenges
Relies on functioning of DHCP server, network disruption if the DHCP server is unavailable
Use cases
Ideal for medium for large networks where scalability and efficient Ip address management are crucial.
Explanation
APIPA is tallback mechanism used when a device cannot obtain an Ip address from DHCP.
It assign a temporary IP address from the reversed APIPA range (169.154.0.1) to 169.254.255.224 to Facaliates local network communication
Benefits
Ensures devices can communicate within the local network even without a DHCP server, prevents complete network isolation in case of DHCP server failure.
Challenges
Limited functionality as APIPA addresses cannot access the internal or other subnets temporary soloution until DHCP service are restored.
Use Case
Act as a backup in network where DHCP server availability is uncertain or during DHCP server maintainance
Explanation:- Ip reservation allow the DHCP server to reserve specific Ip address for designated device based on their mac addresses. This ensure that certain devices always require the same Ip address whenever they connect to the network.
Benefits
Provides and consistent and predictable Ip addres for critical devices such as servers, printer or network equipment, simplifies network management.
Challenges
Requires configuration and management with the DHCP server, may not be necessary for all devices on the network
Use Case
Particularly useful for devices that require static Ip address for operation stability and accesiblity.
In-depth notes
Manual Assignment
Customized configuration suitable for small networks but required Meticious management as the networks expands
Automatic Assignment (DHCP)
Streamlines Ip address allocation, recommend for medium for large network for efficient resource utilization.
APIPA
Act as a contingency plan, ensure basic network connectivity during DHCP server down time or configuration issues.
Ip reservation
Ensure consistency for important devices, reduces the risk of Ip conflicts and simplifies network troubleshooting for designated devices.
Definition
Mac address spoofing is the act of altering the mac address of a device to impersonate another device or to hide the true identity of the device
Note
A mac address is like a unique identify and for devices on a network. It helps devices communicate with each other effectively.
Purpose
It can be used for legitmate purpose like enhancing privacy by preventing tracking based on Mac adddress, however, it's often exploited maliciously by bypass netwrk access controls or to conduct activities anonymously.
Note
helps device communicate within network segment
Format
48-bit number (12 hexadecimal digits) usually displayed in six pairs (e.g 1A-2B-3C-4D-5E-6F)
Definition
Mac address filtering is a security measure used in router and access poitns to contorl network accross based on Mac address.
Implementation
Administrators create list of allowed (whitelist) or denied (blocklist) Mac address.
only device with Mac addresses on the whitelist can connect to the network, white those on the blacklist are blocked.
Limitations
While Mac address filtering adds a layer of security, it not fool proof due to Mac address spoofing. Hacker can sniff Mac address of authorized device and used them to bypass filtering.
Complimentary
Mac address filtering should be combined with other security measures like strong encryption, firewalls, intrusion detection systems, and regular security audit for comprehensive network security.
challenges
In large network, managing Mac address can be complex due to the sheer number of devices. Keeping track of Mac address ensuring uniqueness, and updating access control list can be daunting tasks.
Tools and soloution
Network administrators use Mac address management tools and techniques to streamline these process. These tool automate Mac address tracking, assist in policy enforcement and enchance network visibility.
Best Practices
Implementing centralized Mac address management, regularly updating access control lists, and monitoring for unauthorized Mac address activity are crucial best practices.
Device identification
Mac address are used not only for network communication but also for devices identification in various contexts like device provisioning network troubleshooting and asset tracking.
Unique Identifiers
While Mac address are Theoterically unique instances of Mac address duplication can occur due to error or malicious activities like Mac address cloning addressing and resolving these duplications are important for network integrity.
No two devices globally share the same Mac address
consist of an orginization unique identification (OUI) and a serial number. indicating the manufacturer and device uniqueness.
Mac address:- Local identifier for devices within a network segment
Ip address:- Used for routing data across networks layer.
How mac address work
Assigned to devices network interface controller (NIC) for communication at the data link layer.
Help directed data packets within a local netowrk
Comprises six pair of hexadecimal digits
First three pair represents the manufactures (OUI), and the reamining three pair are device specific
Changing the Mac address of a device to another address. legitmate use for privacy but can be misused to unauthorized network access.
Security method allowing or denying network access based on Mac address.
can be bypassed through Mac address spoofing so it's not toolproof.
Mac address play a vital role in network communication ensuring data reaches the correct devices within local network. understanding their structure, uniqueness and security implication is essential for network management security pactices
Imagine a massive party where everyone's invited, representing different network, internetworking is like having a magic key that allow seamless interaction between these networks, remain them part of a larger, interconnected network like the internet. this about creating bridges between independent network so they can share information and resources.
Routers are compared to digital postmen, responsible for delivering data packet between different networks. They connect local networks to the broader internet, acting as gatekeeper to ensure data reaches its destination accurately.