> "VPN's?"

Virtual Private Network. For allowing communication between computers.
Unlike a real Private Network, where only the allowed computers are (physically) connected, a VPN shares the physical transport medium with other computers. Usually, a VPN is used to connect different computers of a company via the internet (instead of dedicated cables which belong to/are rented by the company). To make sure that the data which is exchanged remains undisclosed to others, the communication uses cryptography. Although everybody who has access to the internet nodes where the information goes through can record the data, he cannot make any sense out of it (unless he manages to break the encryption). Therefore a VPN is as safe as (or even safer than!) digging up the ground and building one's own network.

> "NAT?"

Network Address Translation. When connecting to a network, a computer uses a "unique" address which makes it recognizable. This address can be static (never changes) or dynamically assigned. A computer which uses a dial-up connection to the internet usually gets assigned a new IP address every time it connects. Since the internet service providers (ISPs) keep logs about which user had which address at which time and date, it is possible to find out the identity of a user from the IP address and the date and time.

When accessing a server on the internet, the current IP address of the requesting machine is sent to the target server, so it knows where to send the result of the request (for example, a web page). Very often, this information is recorded by the servers themselves, but logs can also be kept by the nodes where the information goes through when traversing the internet (when accessing some server on the internet, the data passes through multiple machines until it reaches the desired destination). This means that there is no such thing as anonymous accessing of servers on the internet. Of course one will need to have both the access logs AND the help of the ISP which is responsible for the IP address which was used to make the accesses in question.
It is reasonable to assume that the ISPs will not give this information to everybody who just asks, of course.

With NAT things look a bit different. NAT means that your PC has some IP address like usual, but it is not disclosed to the target machine. It works by connecting through an anonymizing proxy server. For example, if you request a www page, the request is sent to the proxy server. The proxy server then requests the page from the target machine, but with its own IP address as a return address. When it receives the answer from the target machine, it relays it back to your machine. The proxy server keeps a table of open requests and the "real" IP addresses where the answers have to go to. A proxy server is typically used by numerous users simultaneously. Of course, a proxy server can also keep logs of the connections, which would mean that all connections could be tracked again.

But NAT is not primarily for obscuring one's real IP address. It is also used to connect internal networks to the internet or for internet connection sharing (ICS, such a thing is also built into Windows 2000 and XP). Many companies have internal networks with "non-public IP addresses". These IP addresses are NOT used on the internet (and they are not unique worldwide...but since they are restricted to the internal network of the company, that does not matter. BTW, "company" can also mean "family" here, using Windows ICS in a home network works the same). The advantage of these non-public IP addresses is: a company does not need to occupy several of the limited global IP addresses and the computers in the internal network are way harder to attack from the outside - they simply cannot be reached since their addresses are not allowed on the internet. When such a computer makes a request on the internet, it asks the proxy to do so and the proxy does it with its own address, again keeping track of the original internal IP address of the requesting machine.
Bad luck for law enforcement agencies, as they see only that someone at company XYZ did request a page with questionable content, but if the NAT proxy of the company did not record any information about these connections, it could have been any of the employees. So, NAT is like using a public payphone, no NAT is like using one's personal mobile phone (these are usually as personal an item as one's internet account).

- Klaus

_______________________________________________
http://www.mccmedia.com/mailman/listinfo/brin-l
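
The translation table and the logging point described in the message above, as an added example that is not part of the original post: a toy port-translating gateway in Python, showing that the target server records only the shared public address and that mapping a request back to an inside machine depends on the gateway having kept its own log. The class and function names and all addresses, ports and timestamps are constructed for illustration.

```python
# Added illustration: a toy port-translating NAT gateway. All addresses,
# ports and timestamps are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class NatGateway:
    public_ip: str
    keep_log: bool = True
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # public port -> (inside ip, inside port)
    log: list = field(default_factory=list)    # (time, public port, inside ip)

    def outbound(self, t, inside_ip, inside_port, server):
        """Rewrite the source address; return what the target server records."""
        port = self.next_port
        self.next_port += 1
        self.table[port] = (inside_ip, inside_port)
        if self.keep_log:
            self.log.append((t, port, inside_ip))
        return {"time": t, "server": server,
                "src_ip": self.public_ip, "src_port": port}

    def inbound(self, public_port):
        """Relay a reply to the inside host that opened the mapping."""
        return self.table.get(public_port)


def attribute(server_entry, gateway):
    """Map a server-side log entry to an inside host, if the gateway kept logs."""
    if server_entry["src_ip"] != gateway.public_ip:
        return None
    for t, port, inside_ip in gateway.log:
        # Simplification: exact time match; real mappings cover a time window.
        if port == server_entry["src_port"] and t == server_entry["time"]:
            return inside_ip
    return None


def demo(keep_log):
    """Two inside hosts contact the same server through one gateway."""
    gw = NatGateway("203.0.113.7", keep_log=keep_log)
    a = gw.outbound(1000, "192.168.0.11", 51515, "198.51.100.20")
    b = gw.outbound(1001, "192.168.0.12", 51515, "198.51.100.20")
    return gw, a, b


if __name__ == "__main__":
    for keep in (True, False):
        gw, a, b = demo(keep)
        print(keep, a["src_ip"], b["src_ip"], attribute(a, gw), attribute(b, gw))
```

With `keep_log=False` the replies are still relayed correctly, but the server-side entry can no longer be tied to one inside machine, which is why retaining gateway translation logs matters for incident response.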
