[111655] in North American Network Operators' Group
Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
daemon@ATHENA.MIT.EDU (Mark Andrews)
Mon Feb 9 22:16:26 2009
To: "TJ" <trejrco@gmail.com>
From: Mark Andrews <Mark_Andrews@isc.org>
In-reply-to: Your message of "Mon, 09 Feb 2009 21:27:59 CDT."
<00df01c98b27$3181b7e0$948527a0$@com>
Date: Tue, 10 Feb 2009 14:16:10 +1100
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
In message <00df01c98b27$3181b7e0$948527a0$@com>, "TJ" writes:
> >> > The SOX auditor ought to know better. Any auditor that
> >> > requires NAT is incompenent.
> >>
> >> Sadly, there are many audit REQUIREMENTS explicitly naming NAT and
> >> RFC1918 addressing ...
> >
> >SOX auditors are incompetent. I've been asked about anti-virus software on
> >UNIX servers and then asked to prove that they run UNIX.........
>
> Fair enough, but my point was that it isn't the auditors' faults in _all_
> cases.
> When the compliance explicitly requires something they are required to check
> for it, they don't have the option of ignoring or waving requirements ...
> and off the top of my head I don't recall if it is SOX that calls for
> RFC1918 explicitly but I know there are some that do.
Please cite references.
I can find plenty of firewall required references but I'm
yet to find a NAT and/or RFC 1918 required.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
