When internet service providers offer large-scale services like mobile Internet access and similar ones, they face a common issue like public IP address shortage. As these addresses are verifiably prone to reduce in a fast pace, it becomes difficult to get sufficient addresses that can cover the entire demand for the new services.
Here are a few useful tips for the service providers, following which they can overcome the issue of running such security risks:
Holding the Temptation of Using Private Address
It is a common practice observed among the internet service providers, that to overcome the issue of address shortage, especially during their season of internet box promotion, they get tempted to use up private IP addresses that are available within their own network. But as soon as they start using these private addresses and the existing PAT in the network, they lose an important security features, that is accountability. In such cases the rogue user of a network can attack an outside server and it would be almost impossible to identify him since many users are usually mapped into the same IP address.The only way to differentiate the mis quickly changing their port numbers. Since the source port numbers do not get logged by the application servers, the victim would not be able to provide the necessary information that would help identify the attacker.
Security Implications of Mapping Multiple Users into the same IP address
There are cases in which the network enterprises use a strong authentication with the combination of source IP address that allow a temporary access to the network from any public Internet. In that case, if the service provider of the remote user starts deploying PAT, the remote user would be able to access the enterprise network in a crowd and the IP address of that place would be allowed to access the enterprise servers.
Private Addresses in the Core Network
To reduce the usage of public address in the network, the service provider might get highly tempted to use up private IP addresses and the router-to-router links in their network core. But such decisions bring about a lot of inconvenience to the end users. To save them from such inconveniences, the properly configured firewalls should be able to reject these requests immediately. So,the most recommended practice for the service providers is to use the public IP addresses in the network core in order to allow the users to troubleshoot their connectivity issues, whenever they face any.
The Bottom Line
The Private IP addresses do offer the best solutions for enterprise networks. They provide them the power to deploy large-scale IP networks without any large collection of public IP addresses. But these were not meant to be used for dealing with the addressing issues of. If providers decide to allocate such private addresses to the end users, they have to undertake the risk of losing accountability, leading to serious legal implications. Though using these addresses in the network core seems to be a safe practice, it still makes the troubleshooting of connectivity issues more difficult for the customers.