nanog mailing list archives
Re: RFC1918 addresses to permit in for VPN?
From: <mdevney () teamsphere com>
Date: Wed, 3 Jan 2001 12:48:46 -0800 (PST)
On Tue, 2 Jan 2001, Stephen Griffin wrote: <snip>
are trying to make. Security through obscurity is no security at all.
All other points in this monstrous thread aside, this one is wholly incorrect. Security through obscurity is nothing to depend on, but every little bit helps. Please, by all means, use a firewall, preferably several chained in an old-fashioned bastion design. Use access lists - they're your friend! Filter your routes, filter all packets not going to a valid IP/port, hell block ping and traceroute so nobody can map your network, and of course secure your servers. But when all that's done -- still don't advertise. Security through obscurity helps just that tiny extra bit. At the very least there will be less logs to pore over, 'cause script kiddies don't know who you are.
Current thread:
- RE: RFC1918 addresses to permit in for VPN?, (continued)
- RE: RFC1918 addresses to permit in for VPN? Richard A. Steenbergen (Feb 24)
- RE: RFC1918 addresses to permit in for VPN? John Fraizer (Feb 24)
- RE: RFC1918 addresses to permit in for VPN? Richard A. Steenbergen (Feb 24)
- RE: RFC1918 addresses to permit in for VPN? John Fraizer (Feb 24)
- RE: RFC1918 addresses to permit in for VPN? John Fraizer (Feb 24)
- RE: RFC1918 addresses to permit in for VPN? Richard A. Steenbergen (Feb 24)
- RE: RFC1918 addresses to permit in for VPN? John Fraizer (Feb 24)
- Re: RFC1918 addresses to permit in for VPN? mdevney (Feb 24)
- Re: RFC1918 addresses to permit in for VPN? Stephen Stuart (Feb 24)
- Re: RFC1918 addresses to permit in for VPN? Stephen Sprunk (Feb 24)
- RE: RFC1918 addresses to permit in for VPN? Deron J. Ringen (Feb 24)
- Re: RFC1918 addresses to permit in for VPN? Stephen Griffin (Feb 24)
- Re: RFC1918 addresses to permit in for VPN? mdevney (Feb 24)
- Re: RFC1918 addresses to permit in for VPN? Josh Richards (Feb 24)
- Re: RFC1918 addresses to permit in for VPN? Bennett Todd (Feb 24)
- Re: RFC1918 addresses to permit in for VPN? Andrew Brown (Feb 24)