Table of Contents
Advertisement
The need for address translation
1.1 The need for address translation
IP addresses
While the number of available addresses seems large, the Internet is growing at such
a pace that it will soon be exhausted. The next generation IP protocol, IP version 6,
allows for more addresses, but it will take years before the existing network
infrastructure will be fully migrated to the new protocol.
Address translation allows a single device, such as the SpeedTouch™, to act as an
agent between the Internet (or public network) and a local (or private) network. This
means that only one, unique IP address is required to represent an entire group of
computers. The outside world is unaware of this division and thinks that only one
computer is connected.
Security
Many people view the Internet as a "one-way street"; they forget that while their
computer is connected to the Internet, the Internet is also connected to their
computer. That means that anybody with Internet access can potentially access
resources on their computers (such as files, e-mail, company network etc.). Most
personal computer operating systems are not designed with security in mind, leaving
them wide open to attacks from the Internet.
The security implications can be disastrous. Confidential company information such
as product plans or marketing strategies can be stolen, this can lead to major
financial losses or even cause the company to fold.
Implementing address translation automatically provides firewall-style protection
between your private network and public networks (the Internet or other public
networks). Address translation only allows connections that originate from inside the
private network. Basically, this means that a computer on a public network cannot
connect to your computer unless your computer has initiated the contact. You can
browse the Internet and connect to a site, and even download a file; but somebody
else cannot latch onto your IP address and use it to connect to a port on your
computer.
In specific circumstances (static address translation) devices from public networks
are allowed to initiate connections to computers on the private network. This is only
done when specifically granted by the local network after appropriate configuration.
!
The device performing address translation should be secure/protected.
Administration
A real benefit of address translation is apparent in network administration. For
example it is possible to move a Web server or FTP server to another host without
having to worry about broken links. Simply change the inbound mapping at the
Internet Gateway to reflect the new host location. Also changes in the private
network are easily made without any problems, because the only public IP address
either belongs to the Internet Gateway or comes from a pool of global addresses.
E-NIT-CTC-20040716-0004 v1.0
8
Advertisement
Table of Contents
