Lesson 1
Determining IP Addressing Requirements
Security Alert
One of the most common ploys used by Internet criminals today is to dupe an unsuspecting user into downloading and running a program that is essentially a special-purpose server application. The intruders may camouflage these programs, called Trojan horses or just Trojans, as image files or other innocent applications, which are typically delivered through e-mail or downloaded from a Web site. When the user runs the program, it broadcasts the computer’s availability to the Internet, enabling unauthorized users to take control of it at will. Private addressing therefore provides a distinct advantage over using public addresses, but it is not a panacea.
Planning IP Addresses
A first step in creating an IP addressing plan for your network is determining what types of Internet access each computer requires, if any. Most organizations today give their network computers some access to the Internet, and in these cases, you should know the circumstances in which you must use registered IP addresses. For computers that are strictly Internet clients, that is, for users who need access to the Web and similar services, unregistered IP addresses are the best solution, along with either a NAT router or a proxy server. Whether you use NAT or a proxy server depends on how much Internet freedom you want to grant your users and what types of client applications they will use.
For computers that must function as Internet servers, registered IP addresses are required. Most networks need only a few registered IP addresses, and they lease them from their ISP for a nominal fee. For organizations with a large Internet presence requiring many addresses, you might have to acquire a network address of your own and assign host addresses as needed.
Using registered IP addresses affects the network infrastructure design in other ways as well. As mentioned earlier, most organizations put Web servers and other registered computers on a network of their own. This also means that you should not use these same computers to run important internal services. For example, you should not use the same computer to host your Web server and your company’s private customer database. A registered computer is inevitably more vulnerable to attack than an unregistered one, and it should contain only the information needed to perform its primary function.
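The planning rules above can be checked mechanically against a draft addressing plan. The following Python sketch is an added example, not part of the original lesson: the role names, host names and sample plan are constructed for illustration, and "unregistered" is taken to mean the RFC 1918 private IPv4 blocks.

```python
import ipaddress

# RFC 1918 private (unregistered) IPv4 blocks.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical role labels used only by this example.
INTERNET_SERVER_ROLES = {"web", "smtp", "dns-public"}
INTERNAL_ROLES = {"customer-db", "file-share", "domain-controller"}

def is_unregistered(addr):
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def audit_plan(hosts):
    """Return (hostname, finding) tuples for hosts that break the lesson's rules.

    hosts: iterable of dicts with keys name, ip, roles (set of role strings).
    """
    findings = []
    for h in hosts:
        roles = set(h["roles"])
        private = is_unregistered(h["ip"])
        serves_internet = bool(roles & INTERNET_SERVER_ROLES)
        internal = sorted(roles & INTERNAL_ROLES)
        if serves_internet and private:
            findings.append((h["name"], "Internet server lacks a registered address"))
        if not serves_internet and not private:
            findings.append((h["name"], "client-only host holds a registered address"))
        if not private and internal:
            findings.append((h["name"], "registered host also runs internal service: "
                             + ", ".join(internal)))
    return findings

# Constructed sample plan (203.0.113.0/24 is a documentation range).
SAMPLE_PLAN = [
    {"name": "web01", "ip": "203.0.113.10", "roles": {"web"}},
    {"name": "web02", "ip": "203.0.113.11", "roles": {"web", "customer-db"}},
    {"name": "mail01", "ip": "192.168.10.5", "roles": {"smtp"}},
    {"name": "desk17", "ip": "203.0.113.40", "roles": {"workstation"}},
    {"name": "desk18", "ip": "10.1.2.18", "roles": {"workstation"}},
]

if __name__ == "__main__":
    for name, finding in audit_plan(SAMPLE_PLAN):
        print(f"{name}: {finding}")
```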