NAT and OpenSSH

NAT Firewall

NAT stands for Network Address Translation, a process that lets the computers on a private network reach the internet through one shared public IP address. Hosts on the network are given private addresses (for example from 10.0.0.0/8 or 192.168.0.0/16), and all of their internet traffic passes through the NAT device. This substantially reduces the number of public IP addresses an organisation needs, since a whole network can sit behind a single one.

Fundamentally, a computer on such a network does not contact the internet directly. Its packets go through the NAT firewall, which rewrites the private source address to the firewall's own public address before sending them on. Replies come back addressed to the firewall, which looks up the connection in its translation table and forwards them to the computer that made the request.

Because every exchange has to pass through the NAT device, it is a natural place to add a security layer, and in practice this firewall sits on the router or gateway. Strictly speaking the protection comes from the firewall rules rather than from the translation itself: NAT only hides the internal addressing. Since most firewalls are now stateful, they track each connection and let inbound packets through only when they belong to a connection a private host opened, so unsolicited traffic from the internet is dropped by default. A stateful firewall does not, by itself, inspect the content of a connection it has allowed.

Another essential use of a NAT firewall is fronting web servers, which need to be reachable from the internet all the time. The firewall acts as the intermediary: one port on the public address is forwarded (destination NAT) to the web server's private address, and everything else stays closed. The internal network behind it can be configured more freely because it exchanges traffic only on the private side, and the administrator keeps precise control over which ports and which traffic are exposed.
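The gateway described above, as an added example that is not part of the original post: a POSIX shell script that generates an iptables-restore ruleset for a two-interface NAT firewall. The interface names (eth0, eth1), the private range 10.0.0.0/24 and the web server address 10.0.0.10 are assumed values. The script only prints the rules; loading them needs root and is left to the operator.

```shell
#!/bin/sh
# Added example (not from the original post): generate an iptables-restore ruleset
# for a NAT gateway with two interfaces. Interface names, the private range and the
# web server address are assumed values; change them for a real gateway.
set -u

WAN=${WAN:-eth0}             # interface holding the single public address
LAN=${LAN:-eth1}             # interface on the private network
LAN_NET=${LAN_NET:-10.0.0.0/24}
WEB_IP=${WEB_IP:-10.0.0.10}  # internal web server reached through port forwarding

# Print a complete ruleset. The nat table does the address translation; the
# filter table is what actually decides which packets are forwarded, and its
# FORWARD chain defaults to DROP so that the only inbound traffic accepted is
# the explicit port forward plus replies to connections the LAN opened.
nat_ruleset() {              # nat_ruleset WAN LAN LAN_NET WEB_IP
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source NAT: LAN hosts leave through the public address of $1
-A POSTROUTING -s $3 -o $1 -j MASQUERADE
# Destination NAT: port 80 on the public address is mapped onto the web server
-A PREROUTING -i $1 -p tcp --dport 80 -j DNAT --to-destination $4:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management of the gateway itself (SSH) only from the private side
-A INPUT -i $2 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Stateful core: replies to tracked connections are the only packets that come
# back in from the WAN without an explicit rule
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may open new connections outward
-A FORWARD -i $2 -o $1 -s $3 -m conntrack --ctstate NEW -j ACCEPT
# The only new inbound connection allowed is the one PREROUTING already
# rewrote to the web server (DNAT happens before the FORWARD chain sees it)
-A FORWARD -i $1 -o $2 -d $4 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

main() {
    nat_ruleset "$WAN" "$LAN" "$LAN_NET" "$WEB_IP"
    # The kernel must route between the interfaces for any of this to matter
    echo "# load with: sysctl -w net.ipv4.ip_forward=1 && iptables-restore < rules.v4" >&2
}
main
```

Run it as `sh nat.sh > rules.v4`, review the output, then load it on the gateway with the command printed on stderr. The two lines worth re-reading before loading are the `:FORWARD DROP` policy and the single `--ctstate NEW` rule for port 80: together they are what makes the web server the only thing reachable from outside, whatever the NAT table says.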

OpenSSH

OpenSSH is the most widely used implementation of the SSH protocol, which provides secure remote login to a computer or server over an untrusted network. Saying that the data is "encrypted with a public/private key pair" is a simplification: the client and server first run a key exchange (Diffie-Hellman) to agree on a session key, and the data itself is encrypted with a symmetric cipher. Key pairs are used for authentication, not for bulk encryption: the server proves its identity with its host key, and the client proves the user's identity with a user key pair whose public half is stored on the server. The result is a secure channel between the two computers.

There are several things OpenSSH is used for, and the most common is remote access. The OpenSSH server (sshd) listens on TCP port 22 by default, and any computer that can reach that port can attempt a connection at any time, so the server still demands authentication: a password, or preferably a user key set up when the server was installed. Once the connection is established and the user is authenticated, the client has access to the computer and can execute commands on it.

Another use of OpenSSH is file transfer between client and server over the same secure protocol, using the scp and sftp tools. The concept is the same: the connection is authenticated with SSH keys and encrypted exactly as an interactive session is, so the files travel inside the SSH channel.

Critical Thinking & Analysis

The SSH protocol is a strong utility for securing communication. However, it also poses a threat if it is not configured correctly. Enabling SSH on servers that should not have it, or running outdated SSH software, simply increases the attack surface available to an attacker. SSH therefore has to be controlled through a policy on SSH management (which hosts run it, who may log in, which versions are allowed, how keys are issued and revoked) so that the network is more secure and the risk of compromise is reduced.

Another crucial weakness is port forwarding (tunnelling) through SSH. A client that has been compromised can use its SSH session into the network to tunnel connections past the firewall, straight to internal servers, and take control of them. This needs real consideration, because client computers can be compromised and so can the private keys stored on them. A private key kept in an insecure location is a serious vulnerability: as long as an attacker gets hold of the key (and it has no passphrase), the attacker can log in to every server that trusts it. The usual mitigations are to disable TCP forwarding on servers that do not need it, protect private keys with a passphrase and owner-only file permissions, and avoid agent forwarding to hosts you do not fully trust.
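The SSH management policy and the forwarding and private-key concerns from the last two paragraphs, as an added example that is not part of the original post and not OpenSSH's own tooling: a POSIX shell script that audits an sshd_config for the permissive settings discussed, prints a hardened drop-in, and checks a private key's file permissions. The weak configuration, the temporary paths, the `deploy` user and the 10.0.0.5 exception host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or from OpenSSH): audit an sshd_config
# for the weaknesses discussed above, print a hardened drop-in, and check that a
# private key file is readable by its owner only. Paths, the user name and the
# weak configuration below are constructed for illustration.

# Effective value of a keyword in sshd_config: sshd uses the first occurrence,
# keywords are case-insensitive, and an absent keyword means the built-in default.
# Only the global section is read; settings inside Match blocks are ignored here.
sshd_value() {                 # sshd_value FILE KEYWORD DEFAULT
    key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    v=$(awk -v k="$key" '
        $1 ~ /^#/ || NF < 2 { next }            # comments and blank lines
        tolower($1) == "match" { exit }         # global section ends at the first Match
        tolower($1) == k { print tolower($2); exit }
    ' "$1")
    printf '%s\n' "${v:-$3}"
}

# check_weak KEYWORD DEFAULT BAD_VALUE WHY: report if the effective value is the bad one
check_weak() {
    if [ "$(sshd_value "$AUDIT_FILE" "$1" "$2")" = "$3" ]; then
        printf 'WEAK %s %s: %s\n' "$1" "$3" "$4"
        AUDIT_HITS=$((AUDIT_HITS + 1))
    fi
}

# audit_sshd_config FILE: one finding per line; exit status 1 if anything is weak.
# The defaults are current OpenSSH defaults, so a keyword that is simply missing
# is judged by what sshd would actually do.
audit_sshd_config() {
    AUDIT_FILE=$1
    AUDIT_HITS=0
    check_weak PermitRootLogin        prohibit-password yes "root logs in directly; use a named account plus sudo"
    check_weak PasswordAuthentication yes yes "password guessing on port 22; use keys only"
    check_weak PubkeyAuthentication   yes no  "keys disabled, so passwords are the only way in"
    check_weak PermitEmptyPasswords   no  yes "accounts with an empty password can log in"
    check_weak AllowTcpForwarding     yes yes "a compromised client can tunnel past the firewall"
    check_weak AllowAgentForwarding   yes yes "a compromised server can use the client's keys"
    check_weak X11Forwarding          no  yes "X11 forwarding exposes the client's display"
    [ "$AUDIT_HITS" -eq 0 ]
}

# Hardened drop-in for /etc/ssh/sshd_config.d/ (assumed path; read by OpenSSH 8.2+
# when the main file carries the usual Include line). "deploy" is a placeholder user.
hardened_sshd_config() {
    cat <<'EOF'
# 99-hardening.conf: global settings first, exceptions in Match blocks after them
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
MaxAuthTries 3
LoginGraceTime 30
AllowUsers deploy
# The one host that legitimately needs a tunnel gets it explicitly
Match Address 10.0.0.5
    AllowTcpForwarding yes
EOF
}

# private_key_ok FILE: 0 when only the owner can read the key. ssh itself refuses
# a key with group/other bits set, but keys that were copied to an "insecure
# location" usually arrive with exactly those bits.
private_key_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed weak configuration, written to a temporary file for the demonstration
TMP=$(mktemp -d)
WEAK_CONF=$TMP/sshd_config.weak
HARD_CONF=$TMP/99-hardening.conf
cat >"$WEAK_CONF" <<'EOF'
# constructed example of a permissive sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
X11Forwarding yes
EOF
hardened_sshd_config >"$HARD_CONF"

for f in "$WEAK_CONF" "$HARD_CONF"; do
    echo "== $f"
    if audit_sshd_config "$f"; then echo "clean"; else echo "FIX BEFORE ENABLING sshd"; fi
done
```

The constructed weak file produces five findings, not four: AllowAgentForwarding is never mentioned in it, and the audit judges the missing keyword by sshd's default, which is yes. To check a live server run `audit_sshd_config /etc/ssh/sshd_config` from the same shell; `sshd -T` prints the fully resolved configuration, Match blocks included, and is the authoritative view when the two disagree.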
