Every computer connected to the Internet is exposed to dangers. For myself and many others the benefits of using the Internet far exceed the possible dangers. We can minimize the dangers if we corollary some basic security principles both for our home and office computers.
Let's start with how we join together to the Internet using a wired connection. Many home users and small businesses join together to the Internet through a Cable/Dsl modem. This type of relationship is an always on connection. As long as our computers are powered on we are connected to the Internet and exposed to dangers. We increase the danger if we join together our Pc directly to the Cable/Dsl modem. Computers connected in this way will receive a Dhcp collective Ip address from their Internet service Provider. What this means is that our Pc is both descriptive and accessible directly from the Internet. This exposes us to Internet scanning, worms, and hackers. If we don't have a software firewall installed then our Pc can be undoubtedly compromised and our data stolen.
Even though a software firewall can lessen the dangers we are exposed to when we join together in this way, I don't advise this method. A great clarification would be to use a Cable/Dsl Nat router. The Nat router would join together directly to the Cable/Dsl modem and then our computer or computers would join together to the Nat router. Why is this safer?
One of the key benefits of Nat (Network Address Translation) routers is that the router hides the internal Ip address of your computer or computers. The Internet sees you as a particular motor with a particular Ip address. This effectively masks the fact that one or many computers on the Lan side of the router may be sharing that one Ip address. This not only provides security benefits but also financial ones. Nat enables you to have more than one computer on your home or office network while you only have to pay for one collective Ip address from your Isp.
How does Nat work? When you turn on your computer you will receive an Rfc1918 private Ip address from your router. Commonly with most Cable/Dsl routers this will be on an 192.168.x.x subnet. This internal private Ip will have to be changed or Natted to a collective address in order for you to be able to entrance the Internet. Since all computers on the Lan side of the router will share the same particular Ip address, the router keeps track of these outbound connections through Pat (Port Address Translation). Here is what happens. When you make an outbound call to Google, the Nat router receives this ask and changes your private Ip of (192.168.1.20 for example) to a collective Ip address say (12.46.115.225) and a port whole of 2500 making it (12.46.115.225:2500). A second computer on the same Lan with an Ip of (192.168.1.21) also makes an outbound ask at the same time. This computer will be assigned the same collective Ip but a separate port whole say 2501 making it (12.46.115.225:2501). The Nat router keeps track of these connections in a table. It uses this table to match return connections to the strict computer on the private Lan side of the router.
This is the undoubtedly good part and why the router provides added security. All traffic arriving at the Nat router that does not exactly match the traffic in the router's table is discarded as unwanted traffic. This basically stops all unwanted inbound traffic originating from Internet scanning, worms, and hackers, protecting our computers on the private Lan side of the router from unwanted traffic from the Internet. So if you don't already have a Nat router why not get one. The added security benefits are undoubtedly worth the added expense.
Of course for a Nat router to contribute its full benefits it has to be configured correctly. I will discuss this as well as the following subjects in time to come articles: how to obtain wireless networks, how to make a server available to Internet users through port forwarding safely, what is a Dmz and what are its benefits, and how can adding a second Nat router contribute even greater security. Please feel free to contact me with any questions or comments.
Why Use a Nat Router?Netgear WGR Series Routers Lazio Highlight Videos Netgear Wireless N Router