When you are designing a security solution for Internet access, you should consider the access controls in both directions.
What type of control do you want to have over internal users and the material that they can access on the Internet?
What type of control do you need to have over Internet users and what they can access on your internal network?
Will you need to access corporate resources via the Internet?
If so, will you need the data to be secure during its transit over the public network?
Because an internal network behind a NAT server uses private IP addresses, which are not routable on the Internet, its hosts cannot be reached directly by Internet intruders; in that sense it is secure by design.
However, you can host resources on the internal network and make those resources available to Internet users. NAT allows you to control which
resources on the internal network will be available to Internet users without exposing your entire internal network's resources; you limit
access to particular machines, and to particular services on those machines.
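The selective exposure described above can be modeled as a port-mapping table with a default drop, plus a check that every mapping is one you meant to publish. This Python sketch is an added example, not part of the original course material; the addresses, ports and the names PortMapping, translate_inbound and audit_mappings are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class PortMapping(NamedTuple):
    proto: str         # "tcp" or "udp"
    public_port: int   # port on the NAT server's public interface
    private_ip: str    # internal machine that receives the traffic
    private_port: int  # service port on that machine

# Constructed sample table (assumed values, not from the course).
MAPPINGS = [
    PortMapping("tcp", 80, "192.168.0.10", 80),      # web server
    PortMapping("tcp", 25, "192.168.0.20", 25),      # mail server
    PortMapping("tcp", 3389, "192.168.0.30", 3389),  # left over from testing
]

# Services the organization intends to publish: (private_ip, proto, private_port).
INTENDED = {("192.168.0.10", "tcp", 80), ("192.168.0.20", "tcp", 25)}

def translate_inbound(mappings, proto, dst_port) -> Optional[tuple]:
    """Destination for an unsolicited inbound packet, or None (dropped)."""
    for m in mappings:
        if m.proto == proto and m.public_port == dst_port:
            return (m.private_ip, m.private_port)
    return None  # no mapping: the internal network stays unreachable

def audit_mappings(mappings, intended):
    """Return mappings that publish a machine/service not on the intended list."""
    return [m for m in mappings
            if (m.private_ip, m.proto, m.private_port) not in intended]

if __name__ == "__main__":
    for proto, port in [("tcp", 80), ("tcp", 445), ("udp", 80)]:
        print(proto, port, "->", translate_inbound(MAPPINGS, proto, port) or "dropped")
    for m in audit_mappings(MAPPINGS, INTENDED):
        print("unintended exposure:", m)
```

Only traffic that matches a mapping reaches an internal machine, and the audit flags the leftover 3389 mapping because it is not on the intended list.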
By the end of this module, you will know how to do the following things to enhance the security of a NAT solution:
- Describe how IP filters enhance NAT security
- Allow access using address pools and special ports
- Enhance NAT security with VPN connections
- List the strategies used to enhance the availability and performance of NAT
In the next lesson, you will become familiar with the strategies available in Windows® 2000 to secure a
NAT solution and to restrict Internet traffic using IP filters.