Re: Losing Static IP Address / Changing to Automatic (expects DHCP)
From: Fred Marshall (fmarshallx_at_remove_the_x.acm.org)
Date: 06/18/04
- Next message: RomanDA: "Re: Multiple Networks--- 1 PC??"
- Previous message: Catwoman: "RE: IE problems."
- In reply to: Chuck: "Re: Losing Static IP Address / Changing to Automatic (expects DHCP)"
- Next in thread: Fred Marshall: "Re: Losing Static IP Address / Changing to Automatic (expects DHCP)"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 18 Jun 2004 05:34:00 -0700
"Chuck" <none@example.net> wrote in message
news:i1i3d0dqffq7d30ltco1g5kk0cj8rb3nd9@4ax.com...
> On Thu, 17 Jun 2004 07:19:33 -0700, "Fred Marshall"
> <fmarshallx@remove_the_x.acm.org> wrote:
>
>
> You're right - your network is somewhat unconventional. And maybe a
little
> insecure too.
>
> Using static ip addresses is a good idea on a small LAN, where you can
assign
> addresses, and control connections, rigorously. Dynamically assigned
networks
> are a good idea for larger LANs, or for LANs where connections come and
go, and
> you don't control them.
>
> Very few LANs of any size aren't connected to the internet these days.
Without
> a connection of some type to another subnet (thru a router), there is no
need
> for a default gateway (or any gateway). So all you need is a unique ip
address,
> with the appropriate subnet mask.
>
> Typically, business LANs don't use XP Home either.
>
> Actually, if you don't have outside connection, there is really no need to
use
> ip. Except for the laptops. But that's another matter.
>
> What are these laptop owners doing when they connect to the LAN? How do
they
> magically have the right (fixed) ip address to connect to your resources,
even
> if they don't cause an address conflict? What resources do you not value,
and
> leave open to their discretion?
>
> If you are accepting laptops, that you don't control, being connected to
your
> network without your supervision, you have more problems than duplicate ip
> addresses.
>
> Go to the nearest computer store, and get a $50 NAT router with DHCP.
That
> would be unconventional too, but it would take care of your address
problem.
>
> But IMHO, you should review your security policy.
Interesting... there are a couple of topics here.
Yes, I could inject a NAT router with DHCP or, I guess, set up ICS with
DHCP on one of the computers without an internet connection on the "other"
NIC.
Not that it matters but just for context: I work in a small community with
only small businesses. The larger ones will typically have laptops that are
owned by the company and used by one employee each. The president is often
one of those employees. So, the employees are trusted but their computers
should not be I imagine is your point.
I'm a hired gun who comes in when they think they need help..... So the
security features vary widely and I'm trying to find good ways to improve
their practices.
One thought is to use a double-layered NAT architecture and to put the wild
card computers in the outer zone - something like a DMZ but to keep *them*
off the inner network entirely.
Thanks,
Fred
- Next message: RomanDA: "Re: Multiple Networks--- 1 PC??"
- Previous message: Catwoman: "RE: IE problems."
- In reply to: Chuck: "Re: Losing Static IP Address / Changing to Automatic (expects DHCP)"
- Next in thread: Fred Marshall: "Re: Losing Static IP Address / Changing to Automatic (expects DHCP)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
