General discussion

Locked

Reduce vulnerability by limiting a network's reach

By debate ·
Does your organization really need global connectivity? Do you allow users to roam all over the Internet? Share your comments about reducing vulnerability by limiting your network's reach, as discussed in the July 9 Security Solutions e-newsletter.

If you haven't subscribed to our free Security Solutions e-newsletter, sign up today! Click this link to subscribe automatically:
http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e036

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Error in European Block list

by harry.graham-brown In reply to Reduce vulnerability by l ...

The list shown in this article for Europe is incomplete. It does not contain my company's (Steria Limited) IP address assignment of (137.213.0.0/16). We are a UK based company and we are registered in RIPE.
Please could you explain how the list was derived. I would like to know how we were missed.

Collapse -

Re: Error European Block list

by Mike Mullins In reply to Error in European Block l ...

Thanks for pointing out my ommission. The article was a proof of concept and I derived my list from the IANA block assignments located @
http://www.iana.org/assignments/ipv4-address-space

I focused on entire networks assigned to RIPE and the 137/8 network is divided among several RIRs, therefor I didn't include it among my list.

For the actual complete entry of RIPE assigned address space, that list is found @
http://www.ripe.net/ripencc/mem-services/general/allocs4.html

Using that list, you could develop your actual access list for RIPE assigned addresses.

I appreciate the response, please feel free in the future to post any other thoughts or concerns in reference to my articles.

Mike Mullins
Security Solutions

Collapse -

Rather than restrictions - how about education

by JimHM In reply to Reduce vulnerability by l ...

Rather than preaching to control something it needs to be restricted and watched over like a bad child. When the child hasn't done anything wrong. :<

Don't you think educating your user base - applying a strong firewall and proxy services, running anti-viruses - anti-spyware is better than subscribing to a list of oversea's sites. You are just tossing dollars into the toilet and flushing. (send me your checks I give you the same service) ...

Rather than restrict it is simpler to educate - and Educated end-user is your best defense :> happy happy Joy Joy ..

Collapse -

Re: Rather than restrictions - how about education

by Mike Mullins In reply to Rather than restrictions ...

JimHM,
How do you educate your users not to browse commercial sites that they use on a day to day basis. Banks, extranet mail or research sites to perform their job function. That's not the point, the point is that information is leaking from their clients to networks that you'd never browse anyway. I deal with several hospitals that don't have any need for foreign access in or out of their network.

You're merely defining another security boundary of your network and the information is free from the RIRs.

The border of your security boundary is a function of the business purpose of the company.

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Forums