Thursday, January 12, 2017

Network Address Translation (NAT)




Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.
The most common form of network translation involves a large private network using addresses in a private range (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or 192.168.0.0 to 192.168.255.255). The private addressing scheme works well for computers that only have to access resources inside the network, like workstations needing access to file servers and printers. Routers inside the private network can route traffic between private addresses with no trouble. However, to access resources outside the network, like the Internet, these computers have to have a public address in order for responses to their requests to return to them. This is where NAT comes into play.
Internet requests that require Network Address Translation (NAT) are quite complex but happen so rapidly that the end user rarely knows it has occurred. A workstation inside a network makes a request to a computer on the Internet. Routers within the network recognize that the request is not for a resource inside the network, so they send the request to the firewall. The firewall sees the request from the computer with the internal IP. It then makes the same request to the Internet using its own public address, and returns the response from the Internet resource to the computer inside the private network. From the perspective of the resource on the Internet, it is sending information to the address of the firewall. From the perspective of the workstation, it appears that communication is directly with the site on the Internet. When NAT is used in this way, all users inside the private network share the same public IP address when they access the Internet. That means only one public address is needed for hundreds or even thousands of users.

Most modern firewalls are stateful - that is, they are able to set up the connection between the internal workstation and the Internet resource. They can keep track of the details of the connection, like ports, packet order, and the IP addresses involved. This is called keeping track of the state of the connection. In this way, they are able to keep track of the session composed of communication between the workstation and the firewall, and the firewall with the Internet. When the session ends, the firewall discards all of the information about the connection.
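The translation and state tracking described above can be modelled in a few lines. This is an added example, not code from the original post; the class name StatefulNat, the port range starting at 40000 and the documentation-range IP addresses are assumptions made for illustration.

```python
import itertools

class StatefulNat:
    """Toy port-address-translating firewall: one public IP, many private hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # next free public source port
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; create state if new."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            pub_port = next(self._ports)
            self.out[key] = pub_port
            self.back[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply arriving at the public address, or drop it (None)."""
        if dst_ip != self.public_ip:
            return None
        private = self.back.get((dst_port, src_ip, src_port))
        if private is None:
            return None  # no matching session: unsolicited traffic is dropped
        return (src_ip, src_port, *private)

    def close(self, src_ip, src_port, dst_ip, dst_port):
        """Session ended: discard everything remembered about the connection."""
        pub_port = self.out.pop((src_ip, src_port, dst_ip, dst_port), None)
        if pub_port is not None:
            del self.back[(pub_port, dst_ip, dst_port)]

def demo():
    nat = StatefulNat("203.0.113.5")    # constructed public address
    web = ("198.51.100.10", 80)         # constructed Internet server
    a = nat.outbound("192.168.1.20", 51000, *web)   # workstation A
    b = nat.outbound("192.168.1.21", 51000, *web)   # workstation B, same source port
    reply_a = nat.inbound(*web, a[0], a[1])         # server answers A's session
    stray = nat.inbound("198.51.100.99", 4444, "203.0.113.5", a[1])  # unrelated host
    nat.close("192.168.1.20", 51000, *web)
    late = nat.inbound(*web, a[0], a[1])            # arrives after state was discarded
    return a, b, reply_a, stray, late
```

Both workstations leave with the same public address and are told apart only by the public port the firewall assigned, which is the detail the firewall's connection log has to record to attribute traffic to an internal host.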
There are other uses for Network Address Translation (NAT) beyond simply allowing workstations with internal IP addresses to access the Internet. In large networks, some servers may act as Web servers and require access from the Internet. These servers are assigned public IP addresses on the firewall, allowing the public to access the servers only through that IP address. However, as an additional layer of security, the firewall acts as the intermediary between the outside world and the protected internal network. Additional rules can be added, including which ports can be accessed at that IP address. Using NAT in this way allows network engineers to more efficiently route internal network traffic to the same resources, and allow access to more ports, while restricting access at the firewall. It also allows detailed logging of communications between the network and the outside world.
Additionally, NAT can be used to allow selective access to the outside of the network, too. Workstations or other computers requiring special access outside the network can be assigned specific external IPs using NAT, allowing them to communicate with computers and applications that require a unique public IP address. Again, the firewall acts as the intermediary, and can control the session in both directions, restricting port access and protocols.

NAT is a very important aspect of firewall security. It conserves the number of public addresses used within an organization, and it allows for stricter control of access to resources on both sides of the firewall.

How to Repair Windows Startup in Debugging Mode





The Windows operating system includes various startup options for troubleshooting issues with the Windows boot process. One troubleshooting option, Debugging Mode, is available for system administrators and advanced users. This mode loads limited drivers and software to facilitate troubleshooting the Windows Startup routine.
- Click or tap the “Search” icon in the right navigation strip on the Windows desktop. If you're using the touch screen instead of the mouse, swipe from the right side of the screen toward the center to open the right navigation strip. The Search pane opens.
- Type “Advanced Startup” in the Search box and click the “Search” icon. The Settings results display on the desktop.
- Click or tap the “Advanced Startup Options” entry. The Advanced Startup Options page opens.
- Click or tap the “Restart Now” button under the Advanced Startup heading. A page of Restart options opens.
- Click or tap the “Troubleshoot” option. The Troubleshooting Options page opens.
- Click or tap “Advanced Options” in the Troubleshooting Options page. The Advanced Options page opens.
- Click or tap the “Startup Settings” option. The Startup Settings page displays several options for repairing and troubleshooting the Windows Startup settings.
- Click or tap the “Restart” button. Verify the reboot by clicking or tapping “Yes” at the verification prompt. The computer restarts in Debugging Mode, enabling the administrator to eliminate drivers and software from the startup process to identify and resolve startup issues.

How To Disable the Automatic Restart on System Failure



  1. Click on the Start button and then on Control Panel.
     Tip: Type system in the search box after clicking Start. Choose System under the Control Panel heading in the list of results and then skip to Step 4.
  2. Click on the System and Security link.
     Note: If you're viewing the Small icons or Large icons view of Control Panel, you won't see this link. Simply double-click on the System icon and proceed to Step 4.
  3. Click on the System link.
  4. In the task pane on the left, click the Advanced system settings link.
  5. Locate the Startup and Recovery section near the bottom of the window and click on the Settings button.
  6. In the Startup and Recovery window, locate and uncheck the check box next to Automatically restart.
  7. Click OK in the Startup and Recovery window.
  8. Click OK in the System Properties window.
  9. You can now close the System window.
  10. From now on, when a problem causes a BSOD or another major error that halts the system, Windows 7 will not force a reboot. You'll have to reboot manually when an error appears.

Disable driver signature enforcement windows 7



This is a handy write-up for installing "Unsigned Drivers", as Microsoft enforces a “Digital Signature Requirement” on all users of 64-bit versions of Windows 7 and later. It comes in handy when you need it most, after all the frustration of dealing with the requirement, so you can get on with your task.

Disabling method for Windows 7 64-bit:
Permanent method:
· Go to the Start Menu, then "All Programs", then "Accessories"; right-click "Command Prompt" and choose "Run as administrator", as shown below:
    bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
    bcdedit.exe -set TESTSIGNING ON
· Type the above commands and press "Enter" after each one, as shown below:
· Reboot your PC/laptop.
· Signing enforcement is now disabled and Windows is in Test Mode, as shown in the above image in the lower right-hand corner.
· To "Enable Driver Signature Enforcement" again, enter the following commands:
    bcdedit.exe -set loadoptions ENABLE_INTEGRITY_CHECKS
    bcdedit.exe -set TESTSIGNING OFF
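To check whether a machine still carries the boot settings changed by the permanent method, its boot entry can be audited. This is an added example, not part of the original write-up: it parses constructed samples of "bcdedit /enum {current}" output, and the function names are hypothetical.

```python
import re

# Constructed sample: boot entry after the two "disable" commands were run.
SAMPLE_WEAKENED = r"""
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
testsigning             Yes
nx                      OptIn
loadoptions             DDISABLE_INTEGRITY_CHECKS
"""

# Constructed sample: boot entry with neither setting present.
SAMPLE_DEFAULT = r"""
Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Windows 7
nx                      OptIn
"""

def parse_bcd_entry(text):
    """Turn the 'name   value' lines of one BCD entry into a lowercase-keyed dict."""
    settings = {}
    for line in text.splitlines():
        # Setting lines are a name, at least two spaces of padding, then a value.
        m = re.match(r"^(\S+)\s{2,}(.+?)\s*$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def signing_findings(text):
    """List the boot settings in this entry that relax driver signature checks."""
    s = parse_bcd_entry(text)
    findings = []
    if s.get("testsigning", "No").lower() == "yes":
        findings.append("testsigning is on: Windows boots in Test Mode")
    # Substring match covers the DDISABLE spelling used in the commands above.
    if "DISABLE_INTEGRITY_CHECKS" in s.get("loadoptions", "").upper():
        findings.append("loadoptions contains " + s["loadoptions"])
    return findings
```

On a live system, pass the text printed by "bcdedit /enum {current}" from an elevated prompt to signing_findings(); an empty list means neither setting is present in that entry.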

Temporary method:
· While your PC/laptop is booting, press the "F8" key continuously to access the "Advanced Boot Options".
· Use the "Down" arrow key to scroll down to “Disable Driver Signature Enforcement”.
· Press "Enter" to choose it.
· It will automatically reboot with the enforcement disabled accordingly, as shown below:

What is Microsoft KMS?



Microsoft Key Management Server (KMS) is a legitimate service offered under the Microsoft Volume Activation 2.0 solution, which is used to activate volume-licensed Microsoft products. KMS allows automated activation of Microsoft products for organizations within their own network, eliminating the need for individual computers to connect to Microsoft for product activation.
The internally hosted KMS server activates client computers for a period of 180 days. Once a machine is activated, it will attempt to communicate with the same KMS server every 7 days to renew its activation, resetting its license counter back to 180 days. If the KMS-activated client is not able to communicate with the KMS server again after 180 days, the machine will become unlicensed, go into its 30-day grace period and notify the user of this change. If the machine is not activated against the KMS server after the 30-day grace period, it will enter a reduced functionality mode until it is able to connect to its KMS server or is changed to a MAK license key and activated with other methods.

While it is a legitimate service from Microsoft for volume licensing and activation of genuine copies of their software, the KMS activation process has been exploited by pirates since Windows XP, and Windows 8 activators are based on this method.