[Gllug] Public IPs - When are they appropriate

Richard Cottrill richard_c at tpg.com.au
Mon Nov 12 11:09:30 UTC 2001 

I think Ernst & Young have the right idea (well sort of). They should have
some meaty firewalls there (and you say they do). But to be frank *everyone*
should have a public IP address. That's after all what they were designed
for. When you get down to it, NAT is a bit of a nasty hack and Ernst & Young
are just implementing IP as it was always intended, and as IPv6 intends for
the future.

Let's face it there's a certain empowerment for users (and developers
working for them) where you can safely assume a *real* IP address.

There are security concerns or course, but even Windows behind a moderate
firewall is going to be secure against a moderate to good script kiddie. If
the threat is different to that (how very unlikely) then NAT and more
vicious firewalls aren't going to make too much difference to the security.

The most common 'hacker' in a company is one of that company's own
employees. 'Crusty' security (firewalls on the outside) is not actually
security, and particularly not from internal threats. I think Ernst & Young
have the right idea. If only other companies could justify the cost of
buying public addresses then maybe IPv6 would actually get some legs.

Comments welcome and expected.

Richard

> -----Original Message-----
> From: gllug-admin at linux.co.uk [mailto:gllug-admin at linux.co.uk]On Behalf
> Of Xander D Harkness
> Sent: Sunday, November 11, 2001 3:53 PM
> To: gllug at linux.co.uk
> Subject: [Gllug] Public IPs - When are they appropriate
>
>
> I was speaking to a network engineer from Ernst and Young yesterday who
> advised me that every computer they have is on a public IP.  This
> obviously includes mail and we servers, but also every laptop and
> desktop machine.
>
> He said that that this was to aid communication throughout sites and to
> ensure that there would be no problem with people moving between sites.
>
> As far as I can see there is nothing here that should be done using VPNs
> between sites and a good DHCP set up.
>
> In addition I thought one of the reasons to use private IPs is that they
> are not normally routed by routers, hence there is less chance of
> hacking or leaking data onto the internet.
>
> EY keep their machines behind firewalls and the laptops pretty well
> locked down.
>
> Is this not a huge waste of public IP address and money, not to mention
> a security risk.  Or am I missing something?
>
> Cheers
> Xander
>
>
>
>
> --
> Gllug mailing list  -  Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug
>


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list