A NAT as a Firewall

In its simplest configuration, our NAT is an effective firewall, as it will not permit any intrusion from the outside. Only messages that exactly match a connection are permitted to pass from the Internet into the Intranet. This means that only messages that are in response to requests may enter the Intranet.

What About Internal Servers?

Many users need an internal server for email, and the NAT is willing to help. You may configure it to accept incoming service requests for any service and re-map those requests to one or more internal servers. Up to 64 simultaneous service mappings may be configured with the current NAT products.

You must explicitly permit each service, though. This is the opposite of a traditional router, since those start out permitting anything, and must be taught to block things that are dangerous. This is very tricky with every router ever built. Our approach doesn't require you to think of every vulnerability, but rather of just the services you wish to offer. Needless to say, this is much more reliable.

Secret Network

Our NAT products conceal your Intranet's IP Addresses from the outside world, by substituting a registered IP Address into each message going out into the Internet. This conceals the nature of your network and the number of computers you have. To the outside world, you appear to have just one big busy computer running a confusing array of applications.

Is this important? Yes indeed! If a potential intruder suspects that you have a complex intranet, he will spend a great deal of time trying to determine the nature and susceptibility of your various hosts. He knows that it's hard enough to secure a single computer, but nearly impossible to think of everything on an entire network of various machines. With one of our NATs between you and this opponent, he can only attack the NAT or the very few external services that you enable.

Are You a Target?

If you believe that you will be a target for invasion from the Internet, you will get more help from our NAT. A configuration option allows the diversion of all incoming service requests (that you have not explicitly permitted) to a specially-instrumented internal computer for analysis. You may build as many traps as you wish on this computer, commonly referred to as a "honey pot machine." At the minimum, you should log every inbound request.
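The inbound decision described on this page (exact connection match, then explicitly permitted services, then diversion to the honey pot with logging) can be modelled as follows. This is an added example, not Network Safety's code: the class, method names and port allocation are assumptions, and all addresses are constructed documentation values.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_SERVICE_MAPPINGS = 64  # limit stated on the page

@dataclass
class Nat:
    public_ip: str
    honeypot: Optional[str] = None  # assumed: internal trap host, if configured
    # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
    connections: dict = field(default_factory=dict)
    # (proto, public_port) -> (inside_ip, inside_port)
    services: dict = field(default_factory=dict)
    log: list = field(default_factory=list)
    next_port: int = 40000  # simplified allocator: one new public port per flow

    def permit_service(self, proto, port, inside_ip, inside_port):
        """Explicitly permit one inbound service (default is deny)."""
        full = len(self.services) >= MAX_SERVICE_MAPPINGS
        if full and (proto, port) not in self.services:
            raise ValueError("service mapping table full")
        self.services[(proto, port)] = (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Substitute the registered address and remember the connection."""
        pub_port = self.next_port
        self.next_port += 1
        self.connections[(proto, pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return (verdict, inside_target) for a message from the Internet."""
        key = (proto, dst_port, src_ip, src_port)
        if key in self.connections:           # exact match: a response
            return ("reply", self.connections[key])
        if (proto, dst_port) in self.services:  # explicitly permitted service
            return ("service", self.services[(proto, dst_port)])
        # Unsolicited and not permitted: always log, divert if a trap exists.
        self.log.append((proto, src_ip, src_port, dst_port))
        if self.honeypot:
            return ("honeypot", (self.honeypot, dst_port))
        return ("drop", None)
```

Note that a message aimed at an open public port from a different remote host does not match the connection and is logged like any other unsolicited request.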

This page was last modified on April 19, 1996.


Copyright © 1996 Network Safety
