Hello friends, let's have some discussion on NAT and proxy today. In this article I am going to highlight some differences between NAT and proxy, especially from a security point of view. As we all know, these two terms can be defined as follows:
NAT - Network Address Translation, which can be used to translate the source/destination address and source/destination port as needed.
Proxy - A proxy is a node which works on behalf of a server/client.
Now let us compare these two from a security point of view, starting with NAT. NAT can be used to mask your original address/port from outsiders with the help of translation, but it still creates a direct circuit (communication path) between client and server. If a client requests a session through NAT, the packet is processed by the NAT enforcement node, only the address/port is translated within the header as per your configuration, and the packet is forwarded to the server with all other header information intact; the same applies in reverse to the reply packet. Outsiders will therefore not be able to see the original address/port, but the rest of the header information will be visible.
On the other hand, a proxy can be used to mask your original address along with a few more security options like authentication. With a proxy there is no direct circuit between client and server, which is why a proxy can also be referred to as a Circuit Level Gateway: it breaks your circuit and maintains two circuits, one between client and proxy and the other between proxy and server. If a client requests a session through a proxy, the request packet is processed by the proxy itself. The proxy pretends to be the server toward the client, takes only the payload of the client packet, excluding the complete header information, and then crafts a new packet for the server with new header information; toward the server it pretends to be the client. The same applies in reverse to the reply packet, so outsiders will not be able to see any header information, including your original address/port; they see the proxy's header instead.
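The difference described above, as an added example that is not part of the original post: a small Python model in which a source NAT rewrites only the client's address/port, while a proxy builds a fresh header and reuses only the payload. The `Packet` fields, the function names and every address and header value are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ttl: int            # initial value depends on the sender's OS
    ip_id: int
    tcp_window: int
    tcp_options: tuple
    seq: int
    payload: bytes

# Header fields chosen by the sending host's TCP/IP stack.
SENDER_FIELDS = ("src_ip", "src_port", "ttl", "ip_id",
                 "tcp_window", "tcp_options", "seq")

def nat_forward(pkt, public_ip, public_port):
    """Source NAT: rewrite source address/port, keep the rest (TTL drops one hop)."""
    return replace(pkt, src_ip=public_ip, src_port=public_port, ttl=pkt.ttl - 1)

def proxy_forward(payload, server_ip, server_port):
    """Proxy: second circuit built by the proxy's own stack; only payload is reused."""
    return Packet("203.0.113.10", 51515, server_ip, server_port, 64, 7,
                  29200, ("mss=1460", "sackOK", "ts", "nop", "ws=7"),
                  900000001, payload)

def leaked_fields(sent, seen):
    """Sender-chosen header fields of `sent` still observable in `seen`."""
    leaked = []
    for name in SENDER_FIELDS:
        a, b = getattr(sent, name), getattr(seen, name)
        # One routed hop lowers TTL by 1, so the original value is still inferable.
        if a == b or (name == "ttl" and b == a - 1):
            leaked.append(name)
    return leaked

# Constructed sample packet from an internal client (all values are made up).
client = Packet("10.0.0.25", 49822, "198.51.100.7", 80, 128, 4242, 64240,
                ("mss=1460", "nop", "ws=8", "nop", "nop", "sackOK"),
                123456789, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

via_nat = nat_forward(client, "203.0.113.10", 40001)
via_proxy = proxy_forward(client.payload, client.dst_ip, client.dst_port)

print("leaked through NAT:  ", leaked_fields(client, via_nat))
print("leaked through proxy:", leaked_fields(client, via_proxy))
```

In this model the payload is relayed unchanged on both paths, so anything identifying inside the payload is outside the header comparison.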
In summary, a proxy is more secure than NAT as it hides the complete header, and it may provide authentication and caching too, but NAT is faster than a proxy when it comes to performance.
I hope this helps you understand the security differences between these two widely used security options in today's computer networks. :-)
Not fully agreed. Yes, a proxy is secure as it provides protection up to the 7th layer of OSI, but it has some constraints - it is restricted to some ports or services only - it cannot be used widely for anything. On the other hand, NAT is something which is used to translate source/destination/ports. It works on all services/ports - for example telnet/ssh/IPsec VPN.
In other words - proxy and NAT have their own functionality - and can be deployed according to requirement/budget only.
There are multiple devices which provide solutions differently, so in the end it all comes down to your company infrastructure and budget only.
Good Luck :)
Sir, in this article proxy is not considered a replacement for NAT, so I haven't compared all the features offered by them; instead I wanted to highlight the security difference between these two, considering a scenario where NAT and proxy are both feasible to use. I have just compared their working: if in a certain scenario you use NAT or proxy, what will be the difference from a security point of view. NAT offers wider coverage of protocols, but for a common protocol (which is supported by both proxy and NAT) proxy is always more secure than NAT; that is what is explained in this article. Please correct me if you still think that I am wrong.
No Santosh, you are right. As I said earlier, proxies are secure because they provide up to the 7th layer of protection.
You are doing good, cheers :)