Live IPs are more secure??
Results 1 to 9 of 9

Thread: Live IPs are more secure??

  1. #1
    Junior Member Surface's Avatar
    Join Date
    Oct 2005
    Posts
    7

    Question Live IPs are more secure??

    Hi,

    Two months back when i was configuring an ADSL router at a clients site, the client questioned me about the the working of the ADSL router. I explained to him what was ADSL and how we (ISP) used NAT to dynamically allocate IP addresses.

    One month later i recieved a complaint, and when i went to attend it---- everything was fine!!. Now when i met their admin. (the person who registered the complaint) he told me that he needed Live IPs to maintain the security of his organisation.

    Still even today, i wonder how the network would become more secure when Live IPs are used instead of dynamic NAT??

  2. #2
    Member
    Join Date
    Nov 2004
    Posts
    71
    Could it be so that if they used static IP's he could simply deny acces to any ip address in the range that he hadn't assigned at the firewall? Or maybe he was worried that people could just walk in and plug into his network and be given an address via DHCP, instantly giving them access?
    Just a couple of almost incoherant thought drifting in my head at the moment.
    If everything looks perfect, then there is something you don\'t know

  3. #3
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    It could be he wants to implement a firewall and/or a VPN security gateway to secure homeworkers and such. And since local ranges aren't routable over the internet and NAT can be a pain to vpn's for.ex. i can imagine he wants a public ip. Also that way its easier to open up outbound-servers for.ex in a secured DMZ etc etc

    Cheers
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

  4. #4
    Junior Member Surface's Avatar
    Join Date
    Oct 2005
    Posts
    7
    Well.....DHCP is implemented at the customers' premises, so it can be disabled or enabled, you wouldnt need live ips for doing that. Also the subnet (of the enterprise) could be changed without much problems since we had an ADSL ROUTER.

    Firewalls i feel can be implemented using a private address and can be as secure (if not more) as when implented with Live ips. VPNs....... even i felt that they would implement VPNs with the internet addresses, but its confirmed that they are not using VPNs.

    So why would someone shell out more money for Live IPs if he isnt using VPNs........Security?? thats what he says !

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by Surface
    Well.....DHCP is implemented at the customers' premises, so it can be disabled or enabled, you wouldnt need live ips for doing that. Also the subnet (of the enterprise) could be changed without much problems since we had an ADSL ROUTER.

    Firewalls i feel can be implemented using a private address and can be as secure (if not more) as when implented with Live ips. VPNs....... even i felt that they would implement VPNs with the internet addresses, but its confirmed that they are not using VPNs.

    So why would someone shell out more money for Live IPs if he isnt using VPNs........Security?? thats what he says !
    I have to ask what do you mean by "Live IPs?" I'm thinking you mean a static IP, but I've been in networking for awhile and have never heard it called a Live IP...

    Also, what do you mean by NAT dynamically assigns IPs? NAT does nothing of the sort, it is a routing algorithm. DHCP dynamically assigns IPs, not NAT. In NAT you give out a public IP, and then there are private IPs behind that. The dynamic IP you get from an ISP is not private as you can very easily route information directly to that IP address. It does have to go through the ISP routers, but they are going to use BGP or some other form of IP routing, not NAT.

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I am with mohaughn on this live ip static thing.

    And for the minimal amount of information given..

    He wants static IPs behind the router???

    Depending on the router and setup...maybe he needs to direct certain remote traffic to certain devices\machines on his lan...web traffic to a web server...email to the email server...

    That way it would be more secure then just allowing this specific traffic into all machines\devices on the lan...

    This would require static ips on the lan...or part of.

    Depending on the router...you can give out dynamic to a majority of the machines that dont require remote access...and exclude a number for static ips...for the ones that do...

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    How big is the network?

    Does he want static IP's for all hosts/servers etc on the network?

    Or as you are the ISP is he asking for a static external IP that the ISP (you?) assign to him?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  8. #8
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    Two months back when i was configuring an ADSL router at a clients site, the client questioned me about the the working of the ADSL router. I explained to him what was ADSL and how we (ISP) used NAT to dynamically allocate IP addresses.
    Sounds like the ISP doesn't assign public addresses to customers, but
    private addresses through NAT (cheapskates).
    And by "live" address, the customer means "public" address.

    I don't blame them. I can think of lots of things that are made
    more difficult if you don't have a public ip address. It's one thing to
    put your computer(s) behind your own NAT router, but if the isp
    only gives you a private nat address, that's lame.


    On the other hand, maybe he's complaining that individual
    computers behind the local nat router don't get public addresses.
    But he'd have to pay more for more addresses.
    I don't think the question was about static ips though.
    I came in to the world with nothing. I still have most of it.

  9. #9
    Junior Member
    Join Date
    Oct 2003
    Posts
    8
    I can't really see this as a security issue. Someone saying this would lead me to believe it would be more of a software issue. I know there are cases for having live ip's if you are running https sites, or other merchant software, but I have never ran across it as being more secure for live ip's verse private ips.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides