1

Use of a Router is the first solution for adding a security layer to any LAN with N machines, connected to the internet (through its firewall settings). My question is does the WAN to LAN conversion and vica versa, adds any security by itself, and what is it exactly?

o-0
  • 129
  • 3

4 Answers4

0

In a WAN you do not have control over the traffic, but in a LAN you do, you can for example restrict physical access to the network, implement security policies... But when you connect the two, you lose that control, because (again) you dont have control over the WAN part, and being the WAN a bigger network than the LAN the threat profile is much bigger.

The benefit as I see it, is that in a LAN you get to implement security measures like a firewall, or a honeypot, but I wouldn't say that just by connecting a LAN to a WAN you get any security benefit by itself, you need to work to actually get that security improvement.

Purefan
  • 3,560
  • 19
  • 26
  • But router has much more limited resources. In case of servers and providing Web applications to the users, isn't it better to use servers instead to do the conversions? – o-0 Jan 29 '16 at 15:11
0

The classic example on WAN / LAN conversion is your local network which is connected to the internet. This works by a router connected to a firewall connected to a modem, usually all of these components are one box which we colloquially call router.

The whole security of your LAN resides in the router and the protocols used, while the LAN / WAN connection is controlled by the firewall. A firewall doesn't make your LAN more secure in terms of controlling internal traffic, but it can block incoming traffic from the WAN (like someone trying to connect to your homer server).

AdHominem
  • 3,006
  • 1
  • 16
  • 26
0

In my opinion and from a security point of view. The WAN / LAN conversion at least provides Network address translation (NAT). The NAT acts as a Circuit level gateway Firewalls. Circuit level gateway firewalls work at the session layer of the OSI model. The NAT hides the internal structure of your LAN. It also validates the TCP session handshake by monitoring the ACK, SYN flags. If the handshake is successful the packets are tagged with only the Public IP address (Firewall level) and the internal private IP addresses are not exposed to potential intruders on the WAN.

Ubaidah
  • 1,054
  • 6
  • 11
0

Yes, the WAN to LAN conversion does add security by itself.

On the WAN-->LAN part, outsiders will no longer have access toward your computer's information. A lot of information that could be determined with ease in the case of a direct access is no longer directly obtainable. If your PC/device would simply be accessible in a direct way, with a router that is no longer possible and will need special configuration for that purpose (like port forwarding and NAT).

On the LAN-->WAN side, it's more of an overall protection against being denied service due to your own computer having problems. You can still access everything you did with direct connection, but the router will most likely fail in case of floods, attacks or overwhelming number of connections generated from your computer...so that would in turn prevent the provider from denying you for some of the aspects mentioned.

Overmind
  • 8,779
  • 3
  • 19
  • 28