[unisog] Public or Private IP addresses?

Eric Pancer epancer at security.depaul.edu
Thu Oct 13 23:45:48 GMT 2005


Stejerean, Cosmin wrote on Thu, 2005-10-13 at 17:43:51 -0500...

> DePaul University uses public IP addresses for all of the computers on
> campus. I have heard from people at other universities that they use private
> IP address ranges internally and then map private to public IP ranges.
> 
> I am wondering how the network is set up at other universities and what
> people on the list think about advantages and disadvantages of picking one
> over the other.

Being a DePaul employee, I think I can comment on this.

From a security perspective, it's quite easy to be able to track
down a compromised host or find a problem specific to a certain
machine. The only time we run into problems or have difficulty
determining which MAC address to filter, which port to shut down,
etc., is when there is a shared address or port across two or more
machines. Case in point: NAT devices that students are bringing in.
Once it gets cut off, so will their PS2, Xbox, etc.

I've been on both sides of the fence, having worked in a NAT-heavy
corporate environment before coming here. In my mind (and much to
the pleasure of jtk [hi jtk!] hearing me say this), I think NAT
only makes things worse from an incident response perspective, and
security in general.

I'll let the network gurus here tell you why each machine *should*
have a unique IP address.

-- 
Eric Pancer : Computer Security Response Team : DePaul University
http://security.depaul.edu/  .:!::!:.:!:.   epancer at sg.depaul.edu
1024D/7ACBCFF3  C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
