RFC1918 addresses to permit in for VPN?

Stephen Griffin stephen.griffin at rcn.com
Wed Jan 3 04:51:33 UTC 2001


In the referenced message, Deron J. Ringen said:
> > Using RFC1918 space also gets you an IP range where the outside world has
> > no route to it -- Sorry, but no packets are not getting there, ergo no way
> > to hack.
> .
> .
> > At that point, just by use of simple routing, you've effectively
> > eliminated 100% of attacks from the outside, and you only have to worry
> > about inside.  The front door is secure, now work on the back door.
> >
> I know that this thread has escalated unrestrained, however this is the
> original point that I attempted to make.
> 
> ...djr...

LSR notwithstanding, anyone directly connected to you can devise
their own routing via static routes. Anyone on your own network
doesn't need to (assuming they're defaulted). rfc1918 is merely an illusion.
If you're taking care of the "inside", you've already added the security
which rfc1918 isn't providing. This is the point that I believe many others
are trying to make. Security through obscurity is no security at all.

Stephen
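
Added example, not part of the original message: a minimal model of a border router's forwarding decision, showing that a packet arriving from a directly connected neighbour and addressed to RFC1918 space is forwarded whenever the router has a route for it, unless an explicit ingress filter drops it. The routing table, interface names and sample packets are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# IPv4 option types from RFC 791: 131 = loose source route, 137 = strict.
SOURCE_ROUTE_OPTS = {131, 137}

# Constructed routing table of the border router: prefix -> egress interface.
ROUTES = {
    ipaddress.ip_network("10.20.0.0/16"): "inside",
    ipaddress.ip_network("0.0.0.0/0"): "outside",
}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def lookup(dst):
    """Longest-prefix match against ROUTES."""
    ip = ipaddress.ip_address(dst)
    best = max((n for n in ROUTES if ip in n), key=lambda n: n.prefixlen)
    return ROUTES[best]

def border_decision(pkt, filtered):
    """Decide what happens to a packet received on the outside interface.

    filtered=False models relying on 'nobody has a route to us';
    filtered=True models an explicit ingress filter on that interface.
    """
    if filtered:
        if set(pkt.get("options", ())) & SOURCE_ROUTE_OPTS:
            return "drop:source-route"
        if is_rfc1918(pkt["src"]):
            return "drop:rfc1918-src"
        if is_rfc1918(pkt["dst"]):
            return "drop:rfc1918-dst"
    return "forward:" + lookup(pkt["dst"])

# Constructed sample packets as seen on the outside interface.
SAMPLES = [
    {"src": "198.51.100.7", "dst": "10.20.5.9"},                    # neighbour with a static route
    {"src": "198.51.100.7", "dst": "203.0.113.1", "options": [131]},  # LSRR option set
    {"src": "192.168.1.5", "dst": "203.0.113.1"},                   # private source address
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, border_decision(pkt, False), border_decision(pkt, True))
```

The first sample is forwarded to the inside interface in the unfiltered case purely because the router holds a connected route for 10.20.0.0/16; the absence of a global route plays no part in the decision.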



