Security Basics mailing list archives

RE: Company Firewall's IP Address


From: "Eric Schroeder" <ericschroeder () satel com>
Date: Mon, 18 Nov 2002 15:01:21 -0700

Leonard,

It is trivial to "hide" the IP address of the firewall by using a 
different IP address to NAT all of your internal machines behind.  If the 
firewall then responds to no network traffic directed directly at it, it 
is effectively "hidden".

IMHO,

Eric Schroeder
Satel Corporation





<Leonard.Ong () nokia com>
11/14/2002 11:53 PM

 
        To:     <bianco () jlab org>, <tonytorri () yahoo com>
        cc:     <security-basics () securityfocus com>, <cisaca-l () purdue edu>
        Subject:        RE: Company Firewall's IP Address


Hi,

As in my previous email, there is no way you can 'hide' the firewall's 
external interface IP address.  It is generally an acceptable practice with 
a good comfort level to have this in the real world.  There are some things 
you can do:

1) Obscure the DNS name for the firewall, e.g. don't assign a DNS name like 
'Dallas-FW-Ver3.x'
2) Use stealth connection - Drop every connection attempt to your 
firewall; this is supposed to make your firewall stealth.
3) Carefully check your security policy to make sure there are no gaps / 
unintended holes.
4) Use AntiSpoofing.
etc.

Having said that, it is the social engineering, which exploits regular 
computer users' panic, that really matters in the advertisement.



Regards,
Leonard Ong, CISSP, CSS-1, CCSE, MCSE, 
             MCDBA, CCNP, CCDP, NSA, LCP
Network Security Specialist, APAC
NOKIA

Email.  Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone.  +65 6723 1724
Fax.    +65 6723 1596
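
One way to express the setup discussed in this thread (NAT behind a separate address, the firewall dropping everything aimed at itself, and anti-spoofing), as an added example that is not part of either message. It assumes a Linux firewall whose rules are loaded with iptables-restore; the interface names and every address are constructed placeholders.

```iptables
# Constructed example; every name and address below is an assumption:
#   eth0 = external interface, eth1 = internal interface
#   203.0.113.1  = the firewall's own external address
#   203.0.113.10 = separate address routed to the firewall, used only for NAT
#   10.0.0.0/8   = internal network, 10.0.0.5 = management host
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Internal hosts leave with the NAT address, not the firewall's own address.
-A POSTROUTING -s 10.0.0.0/8 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
# Default DROP: no TCP reset or ICMP error is sent for refused packets.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing: internal source addresses must never arrive on eth0.
-A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
-A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
# Traffic addressed to the firewall itself: loopback, replies to its own
# connections, and SSH from the management host. Everything else hits DROP.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -s 10.0.0.5 -p tcp --dport 22 -j ACCEPT
# Forwarded traffic: internal hosts may open connections outward; only
# replies to those connections are let back in.
-A FORWARD -i eth1 -o eth0 -s 10.0.0.0/8 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
```

Outbound packets still carry 203.0.113.10 as their source, so that address stays observable even though unsolicited packets sent to either address are dropped without a reply.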





