Public IPs.

At some point you will have to manage something outside your current world or 
your organization will need to merge/partner/outsource/contract/etc with 
someone else's network and they might not be keen to route to your ULA space 
(and might not be more trustworthy than the internet at large anyhow).  Think 
about things like VPN endpoints, video devices, telephones, etc, that may end 
up on a public network, maybe behind a device you manage.  You may just manage 
routers today, but who knows about tomorrow.  Put behind a firewall and use 
good ingress filtering throughout your network, separating trust zones with 
distinct subnets.

If you are worried about forgetting to enable a firewall, put in a network 
management system to verify connectivity stays blocked combined with a 
monitored IDS.

Reply via email to