[MLB-WIRELESS] Private network? I think not...

Adrian Close adrian at close.wattle.id.au
Fri Oct 26 12:16:21 EST 2001


On Fri, 26 Oct 2001, David Arnold wrote:

> from a purist's perspective, unless you have an unfiltered,
> bidirectional gateway, your participation in the Internet is
> incomplete.
>
> i don't think this contradicts your basic point, however ;-)

Exactly.  I thought about explaining in detail and decided that the best
way to make my point and get it across was to be blunt.

Obviously how much a part of the Internet you want to be is an interesting
question (I'm sitting here writing firewall policy at the moment).  But
starting off with the assumption that you are part of the Internet is
essential to good network design, in my view.

> and for things like node numbering, it is insane to assume otherwise
> (i've heard recently that Telstra has internal IP networks that use
> addresses allocated to other entities on the public Internet.
> craziness!)

Yup.  And some people think the answer is to use NAT boxes all over the
place.  The horror.

rant/
Same goes for split DNS.  Why would you care if people can work out your
network architecture?  Is it insecure in some way?  Does that mean those
hosts on your internal network are insecure?  Why are they insecure?  Why
not fix them?  (Because it's Microsoft?  Why in hell are you running
Microsoft stuff?  Because your sales staff want it?  Why are you paying
good money for insecure software?  Ha!  Let them eat cake... err, I mean
StarOffice).  /rant

I prefer to engineer things properly.  If there's a problem, don't kludge
around it - fix the root cause.  It might take longer, but the rewards are
great.

> assuming that you *can* (or will be able to one day) reach the
> internet is sensible, but architecting your network services so you
> don't always have to could be beneficial.

Absolutely.

Adrian Close			email:	adrian at close.wattle.id.au
1 Old Gippsland Rd.		web:	http://www.close.wattle.id.au/~adrian
Lilydale, VIC, 3140, Australia	mobile:	+61 412 385 201

Echelon teaser: MD5 RX-7 SSL Kiwi TRD DEADBEEF Bubba

