Main Nav

In late August, I developed a simple SurveyMonkey and asked a few questions about Private vs. Public IP Addresses (to see if any consistent thread could be gleaned.)  The responses follow:

 

 

 

 

 

 

 

Question 5 - If you have any College/Dept IT Mgrs, faculty or researchers who have insisted on keeping/maintaining public IP addresses, what were their reasons?

 

Other (responses)

 

·        No one has kept public IP addresses. All are NAT'd or PAT'd and managed by central IT.

·        Only our public facing servers have global IPs, reachable only from outside. Even such servers have private internal addresses for campus access.

·        They have had no need to ask. Private addresses are only used for our wireless network and special purpose sensitive networks such as point-of-sale, physical security infrastructure, and back-end servers in the data centers.

·        We have no issue with anyone keeping public IP addresses. We do not depend on RFC1918 addresses as a security layer. Perimeters are established via other mechanisms. We are deploying network virtualization for some administrative nets where units wish to have a more corporate-style network posture.

·        Note that 0% of internal machines have public IPs (i.e., static external IP setup on machine via Nat0) however we do NAT addresses out and we do have 1 for 1 statics on certain vlans so that we can track malicious activity. We know it is common practice for allot of colleges/universities to have Nat0 or no firewall(god forbid) but we feel every layer we can add is an extra boundry that can protect us. Transparency is important when it comes to accountability and as we move toward IPV6 we will see how important it really is. Hope this helps!

·        they have them and we never ask them to give them up.. everyone is on a public IP.. BUT they are not open inbound from the internet. except tcp port by port basis after full security audits. I only have about 100 addresses with inbound rules. on all of campus.

·        We use private addresses only when application/device security needs demand it.

·        Your premise that central IT is coaxing, cajoling or coercing our users to not have public IP addresses doesn't apply to us. We only "require" private IPs on printers and other strictly local devices like PCI-compliant workstations. Maybe we don't understand the risks/benefits and technology and are fear-based. (usu.edu)

·        The only things that have NON-public IP addresses are infrastructure things, e.g., switches, access points, surveillance cams, etc.

·        We have not tried to take them away. We have a Class B and have not ever bothered to renumber everything to a private IP space. We've talked about it, but honestly, it will probably never happen until we go to IPv6 (and we have no concrete plan to do that anytime soon either).

·        All of our IP addresses are currently public.

·        We have central IT, so there aren't College/Dept IT Mgrs.

 

 

 

 

Michael G. Carr, JD, CISSP, CIPP

Chief Information Security Officer

The University of Kentucky

122 James F. Hardymon Bldg

Lexington  KY  40506-0495

Desk: (859) 218-0306

Mobile: (513) 295-3067

Michael.Carr@UKy.edu

 

 

 

Security/Privacy Tip:  Never, ever email your SSN, credit card numbers or passwords.  Period.

 

AttachmentSize
image001.jpg13.34 KB
image002.jpg18.92 KB
image003.jpg16.58 KB
image004.jpg17.14 KB
image005.jpg23.27 KB
image006.jpg18.42 KB
image007.gif416 bytes
image008.gif6.59 KB

Comments

Michael,

 

I am interested in hearing about your conclusions from this data? What was your intent in collecting this information and what have you gained from it?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Brian Basgen

Assistant Vice Chancellor for IT (Acting)

Pima Community College

Office: 520-206-4809

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Message from bmccrary@osrhe.edu

I am curious too and a bit surprised at the results.

 

Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+

bmccrary@osrhe.edu

 

Protecting data is a shared responsibility!

 

INSTALL antivirus and antispyware software.

USE strong passwords.

KNOW who you are dealing with online.

STORE confidential and sensitive data on encrypted devices only.

SHUT DOWN home computers or disconnect from the Internet when not in use.

 

Oklahoma State Regents for Higher Education
655 Research Parkway

Suite 200

Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax

 

Note:  This communication and attachments, if any, are intended solely for the use of the addressee hereof.  In addition, this information and attachments, if any, may contain information that is confidential, privileged and exempt from disclosure under applicable law, including, but not limited to, the Privacy Act of 1974.  If you are not the intended recipient of this information, you are prohibited from reading, disclosing, reproducing, distributing, disseminating, or otherwise using this information.  If you have received this message in error, please promptly notify the sender and immediately, delete this communication from your system.

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.