Which is the more correct answer?

awg0681 Member Posts: 14
Which solution provides a transparent firewall solution between an internal network and outside networks?

A. Proxy Server
C. Hub
D. Router

My initial answer was Proxy due to the fact that proxies can filter traffic and content as well as replace internal network addresses with their own address, thus masking the private IP. However, a proxy server isn't always a transparent solution.

The answer which the practice test engine said is correct was NAT. It stated that employing NAT provides a transparent firewall solution between the internal network and outside networks and that the primary purpose of NAT is to hide internal hosts from public networks. This is contrary to what I remember from Mike Meyers' book in my Network+ studies where he says very plainly that NAT is a poor security solution on its own and should not be used as such. He also goes on to state that the purpose of NAT is to allow multiple clients to connect to a public network (such as the internet) that uses a restrictive and limited addressing schema like IPv4.

Now I doubt I'll see this exact question on the exam, but it's the theory and principles behind it I want to make sure I have down. I'd appreciate any thoughts you guys here may have on this.


  • Devilsbane Member Posts: 4,214
    Disclaimer: I haven't started studying for Security+ yet.

    To me it sounds like NAT.

    The reason I guess this (and now see that it is correct) is because any host outside the network is going to see the same IP address. No matter which client you access the internet with, the web server will always see the same IP address. That is going to make it difficult to launch an attack on one of the clients.

    I think what kind of got you was the firewall part. NAT generally isn't considered a firewall, but it does hide your internal network.

    Edit: Why I didn't guess the others.

    Proxy Server: While all the traffic does pass through here, I think what threw you off here is that the proxy server doesn't always implement NAT. It can, so it would sometimes be right. But not always.

    Hub: A Hub will never be sitting on the edge of an internal and an external network.

    Router: This could be, but I don't think I would consider a router to be transparent.

    As far as the Mike Meyers book, he is correct. NAT alone is not a good way to protect your network. If you had an unsecured wireless network that didn't broadcast the SSID it would likely keep your neighbors (who don't know anything about IT) out. But the second someone came snooping by they would figure it out and instantly get access. But when you combine the nonbroadcasting SSID with WPA and MAC filtering, you have a pretty secure wireless network that will likely keep both the neighbors and the wardriving hacker out.

    He is also right with the purpose. The way I learned NAT was a way to have 1 external address but still have many internal clients. A side effect of this is that it can help to keep a hacker from learning the inside of your network. The most secure solution would be to use firewalls, and NAT, and proxies, and anything else you can think of.
    Decide what to be and go be it.
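
Added example, not part of the thread or either poster's words: a toy Python model of port address translation, contrasting the address hiding discussed above with an explicit firewall allow-list. All addresses, ports and names (`Napt`, `egress_allowed`, `demo`) are constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed address from the RFC 5737 documentation range


@dataclass
class Napt:
    """Toy port-address translator: many inside hosts share one outside address."""
    next_port: int = 40000
    flows: dict = field(default_factory=dict)    # inside flow -> public port
    reverse: dict = field(default_factory=dict)  # (public port, remote ip, remote port) -> inside host

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        # NAT consults no policy: every outgoing flow gets a mapping.
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.reverse[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (PUBLIC_IP, self.flows[flow], dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, public_port):
        # Unsolicited packets are dropped only because no mapping exists.
        return self.reverse.get((public_port, remote_ip, remote_port))


def egress_allowed(dst_port, allowed_ports=frozenset({53, 80, 443})):
    """Hypothetical firewall rule: an explicit allow-list, which NAT does not have."""
    return dst_port in allowed_ports


def demo():
    nat = Napt()
    web = "198.51.100.7"  # constructed outside server
    a = nat.outbound("192.168.1.10", 51000, web, 443)
    b = nat.outbound("192.168.1.11", 51000, web, 443)
    telnet = nat.outbound("192.168.1.10", 51001, web, 23)
    return {
        "same_public_ip": a[0] == b[0] == PUBLIC_IP,
        "distinct_ports": a[1] != b[1],
        "reply_to_a": nat.inbound(web, 443, a[1]),
        "unsolicited": nat.inbound("198.51.100.99", 4444, a[1]),
        "nat_translated_telnet": telnet[0] == PUBLIC_IP,
        "firewall_allows_telnet": egress_allowed(telnet[3]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The translator rewrites the Telnet flow as readily as the HTTPS ones; only the separate allow-list makes a decision about it.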