How can NAT/PAT complicate network security monitoring if NetFlow is being used?
- It changes the source and destination MAC addresses.
- It conceals the contents of a packet by encrypting the data payload.
- It disguises the application initiated by a user by manipulating port numbers.
- It hides internal IP addresses by allowing them to share one or a few outside IP addresses.
Explanation & Hint:
NAT/PAT maps multiple internal IP addresses with only a single or a few outside IP addresses breaking end-to-end flows. The result makes it difficult to log the inside device that is requesting and receiving the traffic. This is especially a problem with a NetFlow application because NetFlow flows are unidirectional and are defined by the addresses and ports that they share.