Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: 'hiding' internal IP addresses

From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Fri, 6 Feb 2004 12:07:56 -0700 
I guess I'm not entirely clear on what you're asking.  If you're referring
to Network Address Translation, then, no it is not a requirement.  Although
it is a good idea, there are plenty of reasons that you may want to use
public address space for some workstations and especially for some servers.
In either case, the security can come down to your firewall ruleset and the
quality of the security on the individual machines.   I would not regard
Network Address Translation as a end-all solution to security since there
are almost always going to be machines that will have access across the NAT
boundary which can be compromised.  There are usually also backdoors which
users or unwitting administrators or programmers will install to bypass the
security (or obscurity) provided by the NAT scheme.

I hope that answers your question.

Eric

-----Original Message-----
From: Meritt James [mailto:meritt_james () bah com]
Sent: Thursday, February 05, 2004 7:23 AM
To: J. Yoon; security-basics () securityfocus com
Subject: 'hiding' internal IP addresses


What is the instruction/directive/memorandum/... (or is there one?)
which directs 'hiding' internal IP addresses? It's smart, but is it a
requirement?
----------------------------------------------------------------------------

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: