|
-
October 7th, 2005, 06:08 AM
#1
Junior Member
 Live IPs are more secure??
Hi,
Two months back when i was configuring an ADSL router at a clients site, the client questioned me about the the working of the ADSL router. I explained to him what was ADSL and how we (ISP) used NAT to dynamically allocate IP addresses.
One month later i recieved a complaint, and when i went to attend it---- everything was fine!!. Now when i met their admin. (the person who registered the complaint) he told me that he needed Live IPs to maintain the security of his organisation.
Still even today, i wonder how the network would become more secure when Live IPs are used instead of dynamic NAT??
-
October 7th, 2005, 07:27 AM
#2
Could it be so that if they used static IP's he could simply deny acces to any ip address in the range that he hadn't assigned at the firewall? Or maybe he was worried that people could just walk in and plug into his network and be given an address via DHCP, instantly giving them access?
Just a couple of almost incoherant thought drifting in my head at the moment.
If everything looks perfect, then there is something you don\'t know
-
October 7th, 2005, 07:35 AM
#3
It could be he wants to implement a firewall and/or a VPN security gateway to secure homeworkers and such. And since local ranges aren't routable over the internet and NAT can be a pain to vpn's for.ex. i can imagine he wants a public ip. Also that way its easier to open up outbound-servers for.ex in a secured DMZ etc etc
Cheers
-
October 7th, 2005, 08:55 AM
#4
Junior Member
Well.....DHCP is implemented at the customers' premises, so it can be disabled or enabled, you wouldnt need live ips for doing that. Also the subnet (of the enterprise) could be changed without much problems since we had an ADSL ROUTER.
Firewalls i feel can be implemented using a private address and can be as secure (if not more) as when implented with Live ips. VPNs....... even i felt that they would implement VPNs with the internet addresses, but its confirmed that they are not using VPNs.
So why would someone shell out more money for Live IPs if he isnt using VPNs........Security?? thats what he says !
-
October 7th, 2005, 04:56 PM
#5
Originally posted here by Surface
Well.....DHCP is implemented at the customers' premises, so it can be disabled or enabled, you wouldnt need live ips for doing that. Also the subnet (of the enterprise) could be changed without much problems since we had an ADSL ROUTER.
Firewalls i feel can be implemented using a private address and can be as secure (if not more) as when implented with Live ips. VPNs....... even i felt that they would implement VPNs with the internet addresses, but its confirmed that they are not using VPNs.
So why would someone shell out more money for Live IPs if he isnt using VPNs........Security?? thats what he says !
I have to ask what do you mean by "Live IPs?" I'm thinking you mean a static IP, but I've been in networking for awhile and have never heard it called a Live IP...
Also, what do you mean by NAT dynamically assigns IPs? NAT does nothing of the sort, it is a routing algorithm. DHCP dynamically assigns IPs, not NAT. In NAT you give out a public IP, and then there are private IPs behind that. The dynamic IP you get from an ISP is not private as you can very easily route information directly to that IP address. It does have to go through the ISP routers, but they are going to use BGP or some other form of IP routing, not NAT.
-
October 7th, 2005, 05:22 PM
#6
I am with mohaughn on this live ip static thing.
And for the minimal amount of information given..
He wants static IPs behind the router???
Depending on the router and setup...maybe he needs to direct certain remote traffic to certain devices\machines on his lan...web traffic to a web server...email to the email server...
That way it would be more secure then just allowing this specific traffic into all machines\devices on the lan...
This would require static ips on the lan...or part of.
Depending on the router...you can give out dynamic to a majority of the machines that dont require remote access...and exclude a number for static ips...for the ones that do...
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 7th, 2005, 05:43 PM
#7
How big is the network?
Does he want static IP's for all hosts/servers etc on the network?
Or as you are the ISP is he asking for a static external IP that the ISP (you?) assign to him?
-
October 7th, 2005, 08:10 PM
#8
Two months back when i was configuring an ADSL router at a clients site, the client questioned me about the the working of the ADSL router. I explained to him what was ADSL and how we (ISP) used NAT to dynamically allocate IP addresses.
Sounds like the ISP doesn't assign public addresses to customers, but
private addresses through NAT (cheapskates).
And by "live" address, the customer means "public" address.
I don't blame them. I can think of lots of things that are made
more difficult if you don't have a public ip address. It's one thing to
put your computer(s) behind your own NAT router, but if the isp
only gives you a private nat address, that's lame.
On the other hand, maybe he's complaining that individual
computers behind the local nat router don't get public addresses.
But he'd have to pay more for more addresses.
I don't think the question was about static ips though.
I came in to the world with nothing. I still have most of it.
-
October 8th, 2005, 02:42 AM
#9
Junior Member
I can't really see this as a security issue. Someone saying this would lead me to believe it would be more of a software issue. I know there are cases for having live ip's if you are running https sites, or other merchant software, but I have never ran across it as being more secure for live ip's verse private ips.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
