[Discuss] selecting a subnet

[gaf at blu.org (Jerry Feldman)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The reason I suggested password is that it just restricts the ad hoc
user from using the network. This is a short-term requirement for the
OP. And, assuming the WAN port of the router is plugged into the
corporate network. This way the nonroutable addresses will not be
exposed. However, I have seen (and done) routers connected to corporate
networks as switches with the wifi turned on.

In any case, agreeing with Derek that what the OP is doing is not a good
thing, but in this specific case, you are not going to expose those
addresses to the corporate network, but you are allowing them onto the
corporate network rather than an isolated guest network, which is a bad
thing. While the non-routable addresses are not exposed, anyone on that
subnet can go through the firewall. They can get at the company intranet
as well as the Internet.



On 09/15/2014 11:18 AM, Bill Horne wrote:
> On Monday, September 15, 2014 09:28:30 AM Jerry Feldman wrote:
>> I am with Derek in this case, but remember that 192.168.n.n, 10.n.n.n
>> and 172.16 - 172.31 are non-routable meaning that your router SHOULD
>> never expose these addresses beyond the subnet. So, in the case where
>> you have to set something up at the last minute, the 192.168 addresses
>> are not going to conflict. I would also make sure that the wifi is set
>> up with a pass code so that people outside the group can't use it
>> although in this case the risk is minimal. especially if you disconnect
>> the router after the boy scout meeting.
>
> Although the Internet won't relay detached network addresses, that's not
> necessarily the case inside a corporate network. Moreover, the average
> corporate network is awash in "accidental" routers, including portable
> cellular terminals, laptops with network sharing enabled, and the
ubiquitous
> "consumer grade" routers that are /always/ going to be plugged in at any
> company picnic or other event when IT isn't involved in advance.
>
> I agree that passwords are an important security feature, but I've
never seen
> them enabled on any router set up by the well-meaning civilians at
company
> events. They aren't thinking about security; they concentrating on not
burning
> the hot dogs.
>
> We could each write a book about the ways that "self install"
technologies
> affect computer network security. It's just not something that anyone
in a
> position of authority will ever read.
>
> FWIW.
>
> Bill
>
>

- -- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVBcsHnzqMPw7weuQAQJBtggAq5Xb0ViE3xU9854O7IxxXaPFvmFBNzBz
eiQcjxowVNqPZcQqbu7OkWrmmKSowbaOfr5Lqjz/QwDFLt/QsbJn+jntsUNIHwoL
Qkf+wmQEwuH6NJ4Uz2b+zjrBwxgW3WbqJPqkHOM2TWwuWnuOBvwSJ5Lh0ZGUyd5H
fMrca3FlxxlgJ5FmU+Lo4/heKMNdjHJxrMDBAZTPeXw9y+1mNa9nBMYzsb/RTgrz
u5Xv6cJzxYEMbcac1nJhX3doGrbgbc1toCKDRqfFjhsjHHi12To8sJNQN5l5iupF
C+XJur9QX2CMbL4nM3PuwNABvE/Ws2DnYZpPm8eSB39EiwZKOJ2/UQ==
=wwaI
-----END PGP SIGNATURE-----