Hiding the Private Network

After describing the interior has been secured using the proper devices, techniques and policies, it is necessary to secure the inner perimeter, which is the connectivity points between the individual's or organization's private network and the Internet. This chapter discusses the advantages and disadvantages of implementing Network Address Translation (NAT) and Port Address Translation (PAT) for network security. NAT can be performed with policy‐based routing (PBR) where the mapping decision is determined by any number of rules, which can be based on many different criteria. Most home networks rely on NAT as their only security mechanism. The chapter defines and describes network segmentation and security zones, and considers NAT to create security segments in the network and virtual local area networks (VLANs) to implement security zoning. Network virtualization can be used to implement software driven virtual network storage units.