North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: NSA's recommendation for classfull routing (was Re: IP addressfee??)
Not that it will more people the trouble of sending me more messages, but yes I'm aware the NSA guide states: "The goal for this guide is a simple one: improve the security provided by routers on US Department of Defense (DoD) operational networks." Inside the DoD, they may want to only use classful routing. The recommendation may be valid for that environment. Unfortunately, some security firms and organizations have taken the NSA guide as a rulebook. I've seen a lot of security checklists copied directly from the NSA Router Security and Configuration Guide. Even worse, I've seen very expensive security vulnerability reports recommending clients change their routers based on the NSA guide, such as turning off ip classless. If you are building a network in the outside of the DoD some of the NSA recommendations should *NOT* be followed.