I'm trying to figure out how to limit Ethernet adapters so that they only get assigned private IP addresses as per RFC1918. The issue arises because we don't have control over the DHCP server, and I want to prevent any public IPs from potentially allowing attackers to access our network directly. This situation is becoming more common as some ISPs are offering services that issue public IPs without NAT. Is there a way to enforce this using Windows Firewall rules?
4 Answers
Instead of trying to limit IP address assignment, why not set up a firewall and a router between your network and the unpredictable infrastructure? It seems like a more robust solution to protect your setup.
You really need to understand how routing works to manage IP assignments properly. Remember, not all non-RFC1918 spaces are public. There’s actually private address space assigned that’s not RFC1918—like 100.64.0.0/10. If you set your host firewall correctly, you should be well protected from unwanted inbound connections.
Relying on NAT for security isn't the best approach. You might want to consider implementing security software on your devices. Also, keep in mind that a significant portion of internet traffic is now IPv6, which could affect your plans.
The best way to handle this situation is through a solid firewall. You can't control the internet configurations of employees working from home, but ensuring the host-based firewall on all endpoints is enabled can help. It's crucial to block all inbound traffic by default, allowing only the necessary connections for local development if needed.
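An added example, not part of any answer above: a PowerShell sketch (run elevated) that applies the default-deny inbound policy the answers recommend and reports which adapters hold an RFC1918, 100.64.0.0/10, or other IPv4 address. The helper function names are hypothetical; the `Net*` cmdlets are the built-in Windows networking and firewall cmdlets.

```powershell
# Added example. Helper names (ConvertTo-Number, Test-InCidr, Get-AddressClass) are hypothetical.

function ConvertTo-Number ([string]$Ip) {
    # Dotted-quad IPv4 -> numeric value (double, to avoid Int32 overflow)
    $b = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    ([double]$b[0] * 16777216) + ([double]$b[1] * 65536) + ([double]$b[2] * 256) + [double]$b[3]
}

function Test-InCidr ([string]$Ip, [string]$Cidr) {
    $net, $len = $Cidr -split '/'
    $block = [math]::Pow(2, 32 - [int]$len)   # number of addresses in the prefix
    [math]::Floor((ConvertTo-Number $Ip) / $block) -eq [math]::Floor((ConvertTo-Number $net) / $block)
}

# Ranges named in the question and answers
$ranges = [ordered]@{
    '10.0.0.0/8'     = 'RFC1918'
    '172.16.0.0/12'  = 'RFC1918'
    '192.168.0.0/16' = 'RFC1918'
    '100.64.0.0/10'  = 'Private, not RFC1918 (100.64.0.0/10)'
}

function Get-AddressClass ([string]$Ip) {
    foreach ($cidr in $ranges.Keys) {
        if (Test-InCidr $Ip $cidr) { return $ranges[$cidr] }
    }
    'Not RFC1918'
}

# Enable the host firewall on every profile and block unsolicited inbound traffic.
# Explicit allow rules still apply; the profiles cover IPv4 and IPv6 alike.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# Report each adapter's address class and the firewall profile category in effect.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    ForEach-Object {
        $conn = Get-NetConnectionProfile -InterfaceIndex $_.InterfaceIndex -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            Address   = $_.IPAddress
            Class     = (Get-AddressClass $_.IPAddress)
            Category  = $conn.NetworkCategory
        }
    } | Format-Table -AutoSize
```

The report does not change address assignment; the protection comes from the firewall policy, which holds whatever address the DHCP server hands out.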
