The easiest way to hide system names and IP addresses from external scanners is to use Network Address Translation...
(NAT) on your network. NAT devices (usually border firewalls) allow you to use private addresses on your internal network and public addresses on your external one. Unless a NAT rule is specifically enabled, such configuration prevents anyone on the Internet from reaching systems that use private addresses.
When using NAT, it's a matter of best practice to use RFC 1918-reserved private address ranges. These include the 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255 address ranges. These addresses are not routable over the Internet, and they can protect you from firewall mis-configurations.
- A SearchSecurity.com reader asks whether firewalls alone can block port-scanning activity.
- Is it ever a good idea to put a firewall before a router?
Dig Deeper on Monitoring Network Traffic and Network Forensics
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.