A security issue of questionable priority - Public addresses used on private network

  • A security issue of questionable priority - Public addresses used on private network

    I have recently been asked my opinion about a network/security consideration for an industrial technology company.

    The private LAN IP address range is 123.123.1.x which is publicly registered to China. It is suspected that industrial control system (PLC), guest computers, domain controllers, everything all co-exist on this same 123.123.1.x network. The company does not have their own IT staff, and have been outsourcing to a variety of IT contractors so there is no coordinated management of this company's overall security posture. There are inbound and outbound connections to other industrial infrastructure. As a result, the firewall configuration is complex, and has been tweaked by a variety of consultants. I suspect this is just the tip of the iceberg for this company having a poor IT/security posture.

    Your responses to any or all of the following questions would be appreciated:

    1. On a scale of 1 to 10, 10 being the highest, how urgent do you believe fixing these problems to be?

    2. If you were to fix this problem, where would you prioritize your efforts:
    A- Expert assessment and locking down of the firewall
    B- Isolating the industrial control system from the guests and employee machines
    C- Migrating all LAN networks over to the RFC 1918 widely accepted private IP ranges
    D- Other

    3. If you were an IT consultant working at the above site and observed the use of the 123.123.1.x network, would you have brought it up to management and if so, how?

    Thanks Petri and all!

  • #2
    Re: A security issue of questionable priority - Public addresses used on private netw

    Homework time?

    It is not clear whether you are on the 123.123.1.x network or if you are being attacked from it. If this is a real problem, some logs or screenshots might help.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: A security issue of questionable priority - Public addresses used on private netw

      The internal LAN devices are configured to use the 123.123.1.x address range. The firewall reports do indicate blocked viruses/malware, as well as prevented intrusions. I was not told that there were any known attacks presently, but I will inquire about seeing the logs.

      Thank you for the reply.



      • #4
        Re: A security issue of questionable priority - Public addresses used on private netw

        RFC 1918 was intended to stave off the exhaustion of routable ip addresses. There was no security component as part of that RFC. Any security benefit you think it confers was completely unintentional. Before RFC 1918 everyone used routable ip addresses on their internal networks.

        Using RFC 1918 addresses internally doesn't make your internal network any more secure than if you didn't use them. Your firewall and perimeter controls make your network secure, whether or not you use routable ip addresses. I've worked in many environments that used routable ip addresses internally and I can't say that I ever knew those networks to be at any more risk than networks that did use RFC 1918 ip addresses.

        Anyone who says that RFC 1918 addresses confer an additional layer of security doesn't know security.

        http://tools.ietf.org/html/rfc1918

        See section 6.
        Last edited by joeqwerty; 16th February 2012, 20:15.



        • #5
          Re: A security issue of questionable priority - Public addresses used on private netw

          OK, granted RFC 1918 isn't about security, but ignoring it does emphasize the need to have a properly and thoroughly configured perimeter firewall. The nice thing about using the private networks on LANs, is that if a router or firewall is mis-configured, those LAN IP addresses are dropped by the Internet Service Provider. So my perception is that this is not so much a layer of security, as much as it is a layer of protection against human error.

          Will you agree with me on this detail?

          Something about having network ranges publicly registered to China configured as a trusted internal address space of an industrial technology company during this era of state-sanctioned cyber-espionage unsettles me. Yes, enterprise firewalls enable you to associate the address range with a specific interface, but behind the GUI is code that I will never review to know whether the firewall can correctly differentiate a trusted address range on one interface from the untrusted WAN interface which is the target of thousands of intrusion attempts, some of which are bound to originate in China. I am not confident that this firewall was set up by experts, but I'm guessing from your post, joeqwerty, that in response to question 2 you would start with the firewall, and for question 3 that you would not be concerned about the 123.123.1.x and so there is no need to notify management.


          Thank you for engaging in this dialog with me, as it is exactly why I came to the Petri forums.

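The concern raised in post #5, whether the firewall really keeps the trusted 123.123.1.x range on the LAN interface separate from the same source addresses arriving on the WAN interface, can be checked against firewall logs. The following is an added example, not part of any post in this thread; the /24 prefix length, the interface names `lan0`/`wan0` and the key=value log format are assumptions, and the log lines are constructed.

```python
import ipaddress

# The three blocks reserved by RFC 1918. ipaddress.is_private is broader
# (loopback, link-local, documentation ranges), so test these explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    """True if the whole network sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(net)
    return any(net.subnet_of(block) for block in RFC1918)

def audit(lan_net, wan_if, log_lines):
    """Return (lan_is_rfc1918, findings) for a LAN range and firewall log.

    A record is flagged when a packet arrives on the WAN interface with a
    source inside the LAN range (spoofed or mis-routed), or arrives on any
    other interface with a source outside the LAN range.
    """
    lan = ipaddress.ip_network(lan_net)
    findings = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            src = ipaddress.ip_address(fields["src"])
            iface = fields["in"]
        except (KeyError, ValueError):
            findings.append(("unparseable", line))
            continue
        if iface == wan_if and src in lan:
            findings.append(("lan-source-on-wan", line))
        elif iface != wan_if and src not in lan:
            findings.append(("foreign-source-on-lan", line))
    return is_rfc1918(lan), findings

# Constructed sample records in a hypothetical key=value log format.
SAMPLE_LOG = [
    "in=lan0 src=123.123.1.20 dst=198.51.100.7 action=allow",
    "in=wan0 src=123.123.1.77 dst=123.123.1.10 action=allow",
    "in=wan0 src=203.0.113.9 dst=123.123.1.10 action=drop",
    "in=lan0 src=192.168.5.4 dst=123.123.1.10 action=allow",
    "in=wan0 src=not-an-ip dst=123.123.1.10 action=drop",
]

if __name__ == "__main__":
    rfc1918, hits = audit("123.123.1.0/24", "wan0", SAMPLE_LOG)
    print("LAN range is RFC 1918:", rfc1918)
    for reason, line in hits:
        print(f"{reason}: {line}")
```

The same interface-versus-source check applies unchanged to an RFC 1918 LAN range; only the first return value differs.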


          • #6
            Re: A security issue of questionable priority - Public addresses used on private netw

            I would start with the firewall/perimeter of the network.

            As far as the internal routable ip addresses are concerned I would mention it to management from the perspective of:

            A. It's unorthodox but not technically incorrect. Internal resources wouldn't be any more secure by using RFC 1918 ip addresses than they are now.

            B. The use of RFC 1918 ip addresses does confer more flexibility in regards to: better allocation/use of ip addresses and greater control of the ip address space.

            Also, just because they're using routable addresses internally (seemingly ignoring today's "standard" of using RFC 1918 addresses) doesn't mean they've ignored or overlooked security. You may find that to be the case, but I wouldn't make that presumption right out of the gate.

            At any rate, keep us posted on your plans and progress.



            • #7
              Re: A security issue of questionable priority - Public addresses used on private netw

              Originally posted by joeqwerty:
              Anyone who says that RFC 1918 addresses confer an additional layer of security doesn't know security.

              Joeqwerty, I personally believe that RFC1918 IP addresses + NAT provide an additional layer of security, due to the simple fact that these IP addresses cannot be accessed from the Internet in most of the cases. But I've seen some people saying it does not, without demonstration.

              Please can you explain with a technical answer why you don't agree? Or can you demonstrate?

              Thank you.
