v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
josmon at rigozsaurus.com
Tue Feb 10 05:54:21 UTC 2009
On Tue, Feb 10, 2009 at 02:16:10PM +1100, Mark Andrews wrote:
> In message <[email protected]>, "TJ" writes:
[...SOX auditor stuff...]
> > When the compliance explicitly requires something they are required to check
> > for it, they don't have the option of ignoring or waving requirements ...
> > and off the top of my head I don't recall if it is SOX that calls for
> > RFC1918 explicitly but I know there are some that do.
> Please cite references.
> I can find plenty of firewall required references but I'm
> yet to find a NAT and/or RFC 1918 required.
It isn't SOX, but sadly enough, PCI DSS Requirement 1.5 says:
Implement IP address masquerading to prevent internal addresses from
being translated and revealed on the Internet. Use technologies that
implement RFC 1918 address space, such as port address translation (PAT)
or network address translation (NAT)
I know that some auditors want to hold people to that standard.
I stopped working with the credit card people at that point...
More information about the NANOG