Subnet Security

Hello,

I am wondering about a possible security issue here.

I want to add a wireless router on a network that is a
WAN side
10.222.221.xxx
255.255.255.0
10.222.221.254

I want to add this in a public place and of course this is a basic router with
ROUTER LAN side
192.168.1.xxx
255.255.255.0
192.168.1.1

Would a savvy customer be able to "backtrack" the network?
Or access any other data on this configuration?
Thank you
Joseph

What routes between 10.222 and 192.168 depends on the "firewall" or Acess
list on the router. There is no way to "backtrack" apart from what the
router routes.
Anthony
www.airdesk.co.uk



"Joe" <(E-Mail Removed)> wrote in message
news:025D92AE-E6C4-4E0B-8D9D-(E-Mail Removed)...
> Hello,
>
> I am wondering about a possible security issue here.
>
> I want to add a wireless router on a network that is a
> WAN side
> 10.222.221.xxx
> 255.255.255.0
> 10.222.221.254
>
> I want to add this in a public place and of course this is a basic router
> with
> ROUTER LAN side
> 192.168.1.xxx
> 255.255.255.0
> 192.168.1.1
>
> Would a savvy customer be able to "backtrack" the network?
> Or access any other data on this configuration?
> Thank you
> Joseph

If you configure the router as a NAT router the 192.168.1 machines cannot
be contacted from the 10.222.221 side. NAT is a one-way address translation
process.

"Anthony" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> What routes between 10.222 and 192.168 depends on the "firewall" or Acess
> list on the router. There is no way to "backtrack" apart from what the
> router routes.
> Anthony
> www.airdesk.co.uk
>
>
>
> "Joe" <(E-Mail Removed)> wrote in message
> news:025D92AE-E6C4-4E0B-8D9D-(E-Mail Removed)...
>> Hello,
>>
>> I am wondering about a possible security issue here.
>>
>> I want to add a wireless router on a network that is a
>> WAN side
>> 10.222.221.xxx
>> 255.255.255.0
>> 10.222.221.254
>>
>> I want to add this in a public place and of course this is a basic router
>> with
>> ROUTER LAN side
>> 192.168.1.xxx
>> 255.255.255.0
>> 192.168.1.1
>>
>> Would a savvy customer be able to "backtrack" the network?
>> Or access any other data on this configuration?
>> Thank you
>> Joseph
>
>

No.

And neither one of those address ranges, so they are both "unreachable" from the
Internet no matter if you add a NAT Device or not. There is already a NAT
Device between the 10.* network and the Internet to start with,...you just
aren't aware of it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------

"Joe" <(E-Mail Removed)> wrote in message
news:025D92AE-E6C4-4E0B-8D9D-(E-Mail Removed)...
> Hello,
>
> I am wondering about a possible security issue here.
>
> I want to add a wireless router on a network that is a
> WAN side
> 10.222.221.xxx
> 255.255.255.0
> 10.222.221.254
>
> I want to add this in a public place and of course this is a basic router with
> ROUTER LAN side
> 192.168.1.xxx
> 255.255.255.0
> 192.168.1.1
>
> Would a savvy customer be able to "backtrack" the network?
> Or access any other data on this configuration?
> Thank you
> Joseph

No, the router NAT will hide your inside IP structure from external
exposure.

--
----------------------------------------------------------------------------------------------------------------------------
Johan Engdahl
CCSA, CCSE, CCA, MCP | johan AT firewall1 DOT nu | http://www.firewall1.nu

"Joe" <(E-Mail Removed)> wrote in message
news:025D92AE-E6C4-4E0B-8D9D-(E-Mail Removed)...
> Hello,
>
> I am wondering about a possible security issue here.
>
> I want to add a wireless router on a network that is a
> WAN side
> 10.222.221.xxx
> 255.255.255.0
> 10.222.221.254
>
> I want to add this in a public place and of course this is a basic router
> with
> ROUTER LAN side
> 192.168.1.xxx
> 255.255.255.0
> 192.168.1.1
>
> Would a savvy customer be able to "backtrack" the network?
> Or access any other data on this configuration?
> Thank you
> Joseph

Hello,

Thank you all very much. I wanted to make sure that no one would type in
\\10.xxx.xxx.xxx\share and find it. But in all likleyhood they would have to
know the IP range in the first place.

Thanks again
Joseph


"Johan Engdahl" wrote:

> No, the router NAT will hide your inside IP structure from external
> exposure.
>
> --
> ----------------------------------------------------------------------------------------------------------------------------
> Johan Engdahl
> CCSA, CCSE, CCA, MCP | johan AT firewall1 DOT nu | http://www.firewall1.nu
>
> "Joe" <(E-Mail Removed)> wrote in message
> news:025D92AE-E6C4-4E0B-8D9D-(E-Mail Removed)...
> > Hello,
> >
> > I am wondering about a possible security issue here.
> >
> > I want to add a wireless router on a network that is a
> > WAN side
> > 10.222.221.xxx
> > 255.255.255.0
> > 10.222.221.254
> >
> > I want to add this in a public place and of course this is a basic router
> > with
> > ROUTER LAN side
> > 192.168.1.xxx
> > 255.255.255.0
> > 192.168.1.1
> >
> > Would a savvy customer be able to "backtrack" the network?
> > Or access any other data on this configuration?
> > Thank you
> > Joseph
>
>
>

"Joe" <(E-Mail Removed)> wrote in message
news:6E690D8F-B61D-4DC7-9897-(E-Mail Removed)...
> Thank you all very much. I wanted to make sure that no one would type in
> \\10.xxx.xxx.xxx\share and find it. But in all likleyhood they would have to
> know the IP range in the first place.

No, they couldn't. 10.* is an RFC Private Address range that is not reachable
from the internet. You already have a "NAT Device" present to begin with
whether you know it or not.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they sound), are
my own and not those of my employer, or Microsoft, or anyone else associated
with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------