North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: RFC1918 addresses to permit in for VPN?
On Sun, 31 Dec 2000, Jason Lewis wrote: > > I am a little lost as to what the real argument is..... > > Don't use RFC1918 addresses on public networks. > or > Don't use RFC1918 addresses on as a security measure. > > I don't use RF1918 address on public networks, but I do use them on my > backend systems and at some level I consider it a security measure. Those > backend machines don't have access to the Internet and the private > addressing helps ensure that is true. Is my thinking flawed? > > jas > Jason, As long as you do it BACK-END, meaning, no need or desire, or possibility of outside access, you're fine (IMHO). 1918 has it's place. But, as Randy has stated, it is NO guarantee of security. We use 1918 space in our network -- It's 100% test environment, unconnected, and secure. If someone breaches physical security, more power to them amd SMAME ON US! (Please, someone try! It's been a while since we've had someone at gunpoint and we're forgetting all of the lines from the Dirty Harry movies.) (Yes, we've had people at gunpoint before. I doubt they'll EVER try again.) People who use 1918 space because "they're running out of address space" or "security" IMHO, are doing themselfs a disservice. #1, have they ever heard of IP UNNUMBERED? Can save a TON of address space. And if they're that anal about their use of world-routable address space and are that tight on available addresses, I'm sure they'll be OK'd for more address space from ARIN or whoever their RIR happens to be. --- John Fraizer EnterZone, Inc