Google for "NAT is not a security feature" and review all the discussions and 
unnecessary panic over a lack of NAT support in IPv6. If your SCADA network can 
reach the public internet then your security is only as good as your firewall, 
whether you NAT or not. If your SCADA network is completely isolated then it 
doesn't make a bit of difference what addresses you use.

-----Original message-----
From: Jason Lewis <jle...@packetnexus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Sent: Sun, Nov 13, 2011 15:36:43 GMT+00:00
Subject: Arguing against using public IP space

I don't want to start a flame war, but this article seems flawed to
me. It seems an IP is an IP.

http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html

I think I could announce private IP space, so doesn't that make this
argument invalid? I've always looked at private IP space as more of a
resource and management choice and not a security feature.


Reply via email to