General discussion
-
Topic
-
External TCP/IP addr
LockedI recently started working for a local government entity. One of the first things that I noticed was that they were not using the “standard” internal IP addresses of 192.168.X.X – I asked why and nobody knew. Later one, I happened to see that a web server’s address fell into the same range. I did a WHOIS and found that there was an entire block of IP’s assigned to this entity, and that the DHCP server is doling out real IP’s to all internal workstations. All of the servers are statically assigned real IP addresses as well.
My questions are: Is this a common practice? Is it safe?
I *always* assign the private address range to internal servers and workstations. It is my understanding that these addresses will not route if theyare accidentally plugged into a live internet hub. Further, it is my understanding that if the firewall is compromised, access to the private network is more difficult, if not impossible, when using the private addresses.
Just curious, as it seems like a major waste of money to have bought such a large block of IP addresses, and seems like a big security boo-boo to be using them internally!
Thanks!
-Mike