NOC servers with public/private ip address

Valdis.Kletnieks at vt.edu
Wed Aug 15 15:18:22 UTC 2001


On Wed, 15 Aug 2001 11:07:21 EDT, you said:
> Using a NAT in a NOC situation makes audit trails harder to maintain,
> as all administrative connections to your network devices will appear
> to come from (one of) the address(es) of the NAT device.

Right.  That too - that's why I advised against it.  Choices I see
as reasonable:

1) A totally isolated management net in 1918 space.
2) A totally isolated management net in your space.
3) A firewalled management net in your space.
4) A management net in 1918 space, and a bastion host that lives in the
1918 space and your space to get stuff in/out with (no direct connections
available - copy stuff to the bastion from one side, then copy out from
the other).

Of course, for options (3) and (4) you need to have a very clear
understanding of how you are handling security for the management net.

And for options (1) and (2), you need to be careful that it *does*
stay isolated - all it takes is one router that's forwarding packets
for it to change into (3) or (4). ;)

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
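
The isolation caveat above, as an added example that is not part of the original message: a check over a device inventory that flags anything with one foot in the management net and one outside it, and separates hosts that merely sit on both sides from routers that forward between them. The prefix, device names, and inventory format are constructed assumptions.

```python
import ipaddress

# Assumed 1918 management prefix; not taken from the original message.
MGMT_NET = ipaddress.ip_network("10.99.0.0/16")

# Constructed sample inventory: interface addresses per device, plus whether
# the device forwards packets between its interfaces.
INVENTORY = {
    "core-sw1":  {"forwarding": False, "interfaces": ["10.99.1.11/24"]},
    "mgmt-rtr":  {"forwarding": True,  "interfaces": ["10.99.1.1/24", "10.99.2.1/24"]},
    "bastion1":  {"forwarding": False, "interfaces": ["10.99.1.5/24", "192.0.2.5/24"]},
    "edge-rtr2": {"forwarding": True,  "interfaces": ["10.99.2.254/24", "198.51.100.1/30"]},
}


def classify(device, mgmt_net):
    """Return where a device sits relative to the management net."""
    addrs = [ipaddress.ip_interface(a).ip for a in device["interfaces"]]
    inside = any(a in mgmt_net for a in addrs)
    outside = any(a not in mgmt_net for a in addrs)
    if inside and outside:
        # Touches both sides: the forwarding flag decides how bad this is.
        return "forwards" if device["forwarding"] else "dual-homed"
    return "inside" if inside else "outside"


def audit(inventory, mgmt_net):
    """Classify every device in the inventory."""
    return {name: classify(dev, mgmt_net) for name, dev in inventory.items()}


def isolation_status(inventory, mgmt_net):
    """Summarise whether the management net is still isolated."""
    kinds = set(audit(inventory, mgmt_net).values())
    if "forwards" in kinds:
        return "forwarded"   # a router passes packets in/out: no longer options (1)/(2)
    if "dual-homed" in kinds:
        return "dual-homed"  # bastion-style host on both sides, no direct forwarding
    return "isolated"


if __name__ == "__main__":
    for name, kind in audit(INVENTORY, MGMT_NET).items():
        print(f"{name:10} {kind}")
    print("status:", isolation_status(INVENTORY, MGMT_NET))
```

Run against real interface and forwarding data, any `forwards` result on a net meant to be isolated is the single forwarding router the message warns about.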
