NAT vs. Security

  • Thread starter Thread starter Scott D. Pearson
  • Start date Start date
S

Scott D. Pearson

I need an opinion and/or a recommended solution regarding a home networking
situation..., so here we go.

Current setup:

I have two PC's (running Win2000 Pro) connected via ethernet cables to an
Addtron ADRE200P router (ref:
http://www.pier23.com/proinfo.asp?proNumber=ADRE200P&dept=6555) which is in
turn connnected to my cable modem for internet access (ISP = Time-Warner
Cable Roadrunner). For security, I rely on the NAT feature of the router
and I also run Zone Alarm on each of the PC's.

Proposed setup:

I am considering mounting a 120GB external hard drive (ref:
http://www.iomega.com/support/manuals/networkhd/main.html) DIRECTLY TO THE
ROUTER and making it available to both PC's on my home network.

Question:

Since the external hard drive will not be connected to a PC, that external
hard drive will not be protected by Zone Alarm. The external hard drive will
only be protected by the NAT feature of the router. I have done some reading
on NAT (ref: http://www.homenethelp.com/web/explain/about-NAT.asp) but I am
still wondering if NAT alone is "enough" security for a hard drive with
sensitive information on it?

Note: Addtron seems to have gone belly-up since their website
(www.addtron.com) can no longer be reached. I have an email pending to
Iomega but I suspect they will say, "Sure, our drive will be 100% secure! So
go ahead and buy it!" I'd rather not get an answer from the same guy who may
sell me the drive.

In addition to posting an answer here, directly replies to
(e-mail address removed) would be greatly appreciated.

Best regards,
Scott Pearson
San Antonio, TX
 
Since the external hard drive will not be connected to a PC, that external
hard drive will not be protected by Zone Alarm. The external hard drive will
only be protected by the NAT feature of the router. I have done some reading
on NAT (ref: http://www.homenethelp.com/web/explain/about-NAT.asp) but I am
still wondering if NAT alone is "enough" security for a hard drive with
sensitive information on it?
Click to expand...

Technically NAT offers no true security except the fact that
typically only internal requests can start a conversation, but if
this "hard drive" is going to be useful to you then obvious it
needs to be shared and accessible so in some sense it either
accepts requests or what does it do?

If it accepts requests and you arrange the NAT (port mapping
or address reservations) then it is going to be reachable and only
you can decide if that meets your security needs.

Remember too that for ordinary PCs that use NAT, it is unlikely
(to impossible) for an outside machine to mount an unsolicited
attack but the moment that PC starts making requests it MIGHT
expose itself to malicious sites -- this isn't nearly bad as something
that accepts incoming requests on arbitrary ports but it is not true
isolation or protection and there is no authentication required or
provided by the NAT (unless it is also some sort of VPN server.)
 
Herb -- Thanks for the reply.

In the meantime, I have received a reply from Iomega -- the makers of the
network drive in question. Long story short, they ship software with the
external hard drive which is REQUIRED to be installed on each pc which may
want to access the drive. And that software permits the drive to be accessed
by only one user at a time. So it turns out that not only is the drive
protected behind the NAT, it is also "protected" by the special Iomega
software required to access it.

So with the combined protection afforded by the NAT and the required Iomega
software, the network drive should be plenty secure directly connected to a
router.

BTW: This drive is 120GB for $200 and can be connected directly to the
router via ethernet (my option), directly to a PC via USB, or directly to a
PC via ethernet cross-over cable. That's why I am choosing this particular
external drive. I like the ethernet connectivity without giving up the USB
option. No Firewire, but USB 2.0 is just as fast as Firewire so no big deal.
 
Scott D. Pearson said:
Herb -- Thanks for the reply.

In the meantime, I have received a reply from Iomega -- the makers of the
network drive in question. Long story short, they ship software with the
external hard drive which is REQUIRED to be installed on each pc which may
want to access the drive. And that software permits the drive to be accessed
by only one user at a time. So it turns out that not only is the drive
protected behind the NAT, it is also "protected" by the special Iomega
software required to access it.
Click to expand...

Makes sense, but could the "one user" be a hacker?
Even if they didn't get access completely, could that
constitutes a Denial of Service attack? Would you
care?
So with the combined protection afforded by the NAT and the required Iomega
software, the network drive should be plenty secure directly connected to a
router.

BTW: This drive is 120GB for $200 and can be connected directly to the
router via ethernet (my option), directly to a PC via USB, or directly to a
PC via ethernet cross-over cable. That's why I am choosing this particular
external drive. I like the ethernet connectivity without giving up the USB
option. No Firewire, but USB 2.0 is just as fast as Firewire so no big
Click to expand...
deal.

I would just as soon stick a drive in one of my existing servers
for less money or more space and better performance but that
isn't what you asked about.

--
Herb Martin
 
Back
Top