[40612] in North American Network Operators' Group
Re: NOC servers with public/private ip address
daemon@ATHENA.MIT.EDU (Kevin Loch)
Tue Aug 14 19:18:23 2001
Message-ID: <3B79B7CD.A951488F@opnsys.com>
Date: Tue, 14 Aug 2001 19:44:13 -0400
From: Kevin Loch <kloch@opnsys.com>
MIME-Version: 1.0
To: Wojtek Zlobicki <wojtekz@idirect.com>, nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Wojtek Zlobicki wrote:
>
> Private addressing adds an extra layer of security as well as saving
> valuable IP space.
Be careful not to equate RFC1918 addresses with a security measure.
*Especially* on
publicly accessible routers.
The decision to use 1918 or not should be based upon wether that interface will
ever
send packets to the Internet. In this case it sounds like it won't so that
would be
a good thing to do.
If you also want that network to be secure, you should implement an appropriate
security
policy with filters/firewalls/intrusion det./etc. Hopefully that policy won't
require 1918 addresses
to be effective :)
KL
