What NAT Firewalls are, and Why You Need Them
If you don’t come from a technical background, understanding the technical jargon on a VPN service provider’s website can be mind-boggling. Without an accurate understanding of the services they provide, you won’t really know if you are getting the most bang for your buck. After all, on the surface all you want is to unblock restricted sites while simultaneously protecting yourself from online hackers, spies, data thieves, and the N.S.A., right? However, you should have at least a basic understanding of what a NAT firewall is and how it helps protect you online.
The Basics: Understanding Firewalls
If you have seen any action movie with a hacker in it within the last 10 years, you have undoubtedly heard people throw around the term ‘firewall.’ But what the heck is a firewall and what does it do? Well, a firewall is an extremely powerful security device that protects you from online threats in a variety of ways. For example, a firewall can be used to block traffic from certain geographical regions, specific types of web traffic (e.g. video or HTTP/web browsing), and even traffic that is identified as containing a virus. Most often a firewall will sit directly within the path that your home PCs and devices use to reach the internet.
Think of a firewall as the portcullis on a castle wall. No malicious enemy invaders or threats to the castle (i.e. your network) get in – or out – of the castle walls unless the portcullis (i.e. the firewall) is raised and allows the traffic through. In addition to basic firewall services, you should also be concerned with the basic premise of NAT.
How NAT Works
NAT, or Network Address Translation, has been a pivotal component of the Internet for the last few decades. NAT – at its core – does one simple task: it replaces private IP addresses and ports with public ones. You see, globally unique IP addresses (public IPs) are finite and almost all used up! This is a big problem because every device that connects to the Internet needs an IP address to function. By using NAT, it is possible for multiple private addresses to share a single public IP address – thereby slowing the process of IP address exhaustion. There are other types of NAT used for special purposes, but just understand that NAT essentially swaps one IP address for another.
However, NAT also helps add security in some situations. With the exception of advanced reconnaissance and network discovery techniques, an attacker can’t see what’s behind your firewall. Even if you have 10 different computers using the same public IP address, it still just looks like one address to an attacker. By NAT’ing your private addresses, you are able to hide all of your devices. This offers a thick layer of protection because devices behind a NAT firewall are (for the most part) unidentifiable online.
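To make the translation described above concrete, here is an added example (not part of the original article) that simulates a port-translating NAT table in Python. The class and function names, the sample addresses and the starting port 40000 are constructed for illustration; real NAT devices also expire mappings and differ in how strictly they filter replies.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass
class NatTable:
    """Toy port-translating NAT: many private hosts share one public IP.

    Simplified on purpose: no mapping timeouts, and a reply is accepted only
    from the exact remote endpoint the private host contacted.
    """
    public_ip: str
    next_port: int = 40000  # constructed starting port for new mappings
    out_map: Dict[Tuple[Endpoint, Endpoint], int] = field(default_factory=dict)
    in_map: Dict[Tuple[int, Endpoint], Endpoint] = field(default_factory=dict)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Rewrite a private source to the public IP plus a unique port."""
        key = (src, dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, dst)] = src
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, remote: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Map a reply back to its private host; None means drop the packet."""
        return self.in_map.get((public_port, remote))


def demo():
    # All addresses are constructed samples (private and documentation ranges).
    nat = NatTable(public_ip="203.0.113.5")
    web = ("198.51.100.7", 443)
    laptop = nat.outbound(("192.168.1.10", 51000), web)
    phone = nat.outbound(("192.168.1.11", 51000), web)
    reply = nat.inbound(web, laptop[1])                      # expected reply
    probe = nat.inbound(("198.51.100.99", 4444), laptop[1])  # stranger, same port
    closed = nat.inbound(web, 22)                            # port nobody opened
    return laptop, phone, reply, probe, closed


if __name__ == "__main__":
    for name, value in zip(("laptop", "phone", "reply", "probe", "closed"), demo()):
        print(f"{name}: {value}")
```

Both devices appear to the remote server as 203.0.113.5, and only traffic that matches an existing mapping is translated back to a private address.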
Putting it All Together
So what does this mean for YOU if your VPN service provider offers a NAT firewall? It means that you have increased security and protection from online threats. Once your data has been encrypted and tunneled to a server outside your local network, your home router or firewall-capable device can’t see the traffic inside. Essentially, without a VPN service that offers NAT/Firewall services, you are creating a tunnel (or hole) through which your private network could be reachable.
Alternatives to VPN Service Provider Firewalls
You can – and should – take advantage of software-based firewalls on your host operating system to help mitigate threats in the absence of a VPN service with firewall and NAT services. However, this is not the end-all-be-all solution. Sometimes people get tired of configuring their software firewall and constantly opening and closing different ports as needs change. Also, many people forget that their software firewall is enabled and beat their heads against the wall when trying to configure and troubleshoot a new service or piece of software.
Simply put, even if you have a software firewall, a firewall and NAT service from your VPN provider still has value. It gives you an extra layer of security and creates another barrier between you and would-be online attackers.