RFC1918 addresses to permit in for VPN?

John Fraizer nanog at EnterZone.Net
Mon Jan 1 08:00:25 UTC 2001


On Sun, 31 Dec 2000, Jason Lewis wrote:

> 
> I am a little lost as to what the real argument is.....
> 
> Don't use RFC1918 addresses on public networks.
> or
> Don't use RFC1918 addresses as a security measure.
> 
> I don't use RFC1918 addresses on public networks, but I do use them on my
> backend systems and at some level I consider it a security measure.  Those
> backend machines don't have access to the Internet and the private
> addressing helps ensure that is true.  Is my thinking flawed?
> 
> jas
> 


Jason,

As long as you do it BACK-END, meaning, no need or desire, or possibility
of outside access, you're fine (IMHO).

1918 has its place.  But, as Randy has stated, it is NO guarantee of
security.

We use 1918 space in our network -- It's 100% test environment,
unconnected, and secure.  If someone breaches physical security, more
power to them and SHAME ON US!  (Please, someone try!  It's been a while
since we've had someone at gunpoint and we're forgetting all of the lines 
from the Dirty Harry movies.)  (Yes, we've had people at gunpoint
before.  I doubt they'll EVER try again.)

People who use 1918 space because "they're running out of address
space" or "security" IMHO, are doing themselves a disservice.  #1, have
they ever heard of IP UNNUMBERED?  Can save a TON of address space.  And
if they're that anal about their use of world-routable address space and
are that tight on available addresses, I'm sure they'll be OK'd for more
address space from ARIN or whoever their RIR happens to be.

---
John Fraizer
EnterZone, Inc





