Isolation and obscurity are valid countermeasures but there have been
some long discussion on this list about how much real benefit is gained
by using private addressing over issued ones. In my
opinion anything that decreases the likelyhood that an attack will be
successful is good but the
real question is, "Is the benefit worth the cost of implementation?"
"Simplify - There is no value in complexity, it's too difficult to
manage."
Bill Stackpole, CISSP
Seitel Leeds & Associates Voice: 206.283.4355
2 Nickerson St. Suite 201 Email: bstackpole @
sla .
com
Seattle, Wa 98109
> -----Original Message-----
> From: Alan Goldberg [SMTP:agoldber @
istar .
ca]
> Sent: Wednesday, August 20, 1997 9:32 AM
> To: Firewalls @
GreatCircle .
COM
> Subject: IP Addressing strategy
>
> We have a class B registered address.
>
> If we deploy our firewalls do we a) use invalid addresses internally
> for all of our subnets, or b) it doesn't matter.
>
> There has been debate internally on this issue. I would expect
> that it is easier to manage to continue to use our allocated subnet
> numbers and let the firewall restrict the traffic.
>
> The other side contends that invalid numbers prevent intrusion.
>
> Any opinions? facts?
> --
> Alan Goldberg
> HJ Heinz Company of Canada Ltd / Intuit Bus Serv & Tech
> agoldber @
istar .
ca
> http://home.istar.ca/~agoldber
Follow-Ups:
|
|
