Network Address Translation (NAT) was originally designed to reduce the number of IP addresses required, so that an organization with a large number of devices that only occasionally needed Internet access could get by with a smaller set of assigned Internet addresses.
NAT is most often performed by mapping private addresses from an internal network to one or more public addresses on a network that is connected to the Internet. It is a powerful tool that can be used to hide internal network addresses and enable several endpoints within a LAN to share the same (external) IP address. In NAT as it is literally defined, outgoing IP headers are changed from private LAN addresses to the router's global IP address.
When private addresses are used for hosts and mapped to public addresses through NAT, external hosts cannot initiate connections directly to the internal hosts because private addresses are not routable across the Internet. Thus, all attacks against the network must be focused on the NAT router itself. As with a firewall, this provides security because only one point of access must be protected, and the router will generally be far more secure than a PC directly connected to the Internet (lower likelihood of open ports, malicious programs, etc.). The abstraction of the LAN from the Internet through NAT also simplifies network management. For instance, if an organization decided to change its ISP, only the external router configuration would need to be changed. The internal network and addressing scheme could be left untouched.
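The address rewriting and the blocked inbound connections described above can be seen in a small model of a NAT router's translation table. This is an added example, not code from the original text; it goes slightly beyond the text by also translating ports (so several hosts can share one address) and by assuming the router only accepts replies from the remote endpoint a flow was opened to. The class, function names and all addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    """Toy model of a port-translating NAT (assumed design, constructed for illustration)."""

    def __init__(self, lan_cidr: str, public_ip: str, first_port: int = 40000):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.public_ip = public_ip
        self.next_port = first_port
        self.flows = {}    # outbound 4-tuple -> public port
        self.by_port = {}  # public port -> outbound 4-tuple

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN packet's source to the router's public address."""
        if ipaddress.ip_address(pkt.src_ip) not in self.lan:
            raise ValueError("source is not on the internal network")
        if pkt not in self.flows:
            self.flows[pkt] = self.next_port
            self.by_port[self.next_port] = pkt
            self.next_port += 1
        return pkt._replace(src_ip=self.public_ip, src_port=self.flows[pkt])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet from the Internet side; None means it is dropped."""
        flow = self.by_port.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or flow is None:
            return None  # no internal host created this mapping
        if (pkt.src_ip, pkt.src_port) != (flow.dst_ip, flow.dst_port):
            return None  # mapping exists, but for a different remote endpoint
        return pkt._replace(dst_ip=flow.src_ip, dst_port=flow.src_port)

def demo():
    # All addresses are constructed samples (RFC 1918 and documentation ranges).
    nat = NatRouter("192.168.1.0/24", "203.0.113.10")
    a = nat.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 443))
    b = nat.outbound(Packet("192.168.1.21", 51000, "198.51.100.7", 443))
    reply = nat.inbound(Packet("198.51.100.7", 443, a.src_ip, a.src_port))
    unsolicited = nat.inbound(Packet("198.51.100.99", 5555, nat.public_ip, 22))
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In this model the unsolicited packet is dropped only because no translation entry exists for it, so the isolation depends on the router's mapping state rather than on any inspection of the traffic.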