Blame: NetworkingBestPractices
Annotated edit history of NetworkingBestPractices version 5, including all changes.
Rev Author # Line
1 PerryLorier 1 !!! Numbering
2
5 JohnMcPherson 3 Where possible, the highest valid [IP] in any range should be the default gateway*. So, to set your default gateway, take your broadcast address, subtract one from it, and try that.
1 PerryLorier 4
5 This is why the default gateway on a <tt>/24</tt> is normally <tt>.254</tt>.
6
5 JohnMcPherson 7 __*__ The alternative seems to be the other way around, using the lowest IP in an address range as the gateway, i.e. in a /24 network .1 is the gateway.
1 PerryLorier 8 !!! DHCP
9
10 Use [DHCP] to allocate [IP]s and configure services such as DNS to clients. Make sure that [IP]s allocated have [ForwardLookup]s and [ReverseLookup]s.
11
12 !!! Firewalling
13
14 As much as I hate firewalling, adding firewalling on routers lets you partition your network up to prevent infections in one area from propagating into another. The usual partitioning scheme is to partition the network into internal, [DMZ], and InterNet, but having more partitions can also help.
15
16 !!! DeMilitarizedZone
17
18 If you have a network which has a mixture of workstations and publicly accessible servers, consider the use of a [DMZ] to physically separate "external" machines from "internal" ones. In the event that your webserver gets compromised, your accounting server (which should still be an "internal" one) is safe.
19
20 !!! VirtualPrivateNetwork
21
22 When providing access to off-site users, such as people working from home, [RoadWarrior]s, or remote branches, use a VPN to provide secure access to your internal servers.
23
24 When securing wireless networks, it is sensible to completely lock down the WLAN so that the only permitted traffic is to the VPN server. For wireless users to participate in the network they have to connect via your VPN first.
3 PerryLorier 25
26 !!! RFC1918
27 Please please please avoid the use of RFC1918; it breaks so much stuff. Never use it for anything that might ever be visible to the Internet, including a router in the middle of a network. See NetworkingNotes for details on what it breaks.
2 GerwinVanDeSteeg 28
1 PerryLorier 29 ----
30
31 Part of CategoryBestPractices
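
The Numbering and DHCP advice above can be checked mechanically. The following is an added example, not part of the wiki page: it computes the "broadcast minus one" gateway for a range and audits a DHCP pool for addresses whose forward and reverse lookups are missing or disagree. The function names, the pool bounds and the zone data are assumptions constructed for illustration, using the 192.0.2.0/24 documentation range.

```python
import ipaddress

def conventional_gateway(cidr):
    """Highest valid host address in the range: broadcast minus one."""
    net = ipaddress.ip_network(cidr)
    if net.num_addresses < 4:
        raise ValueError("range too small to have a broadcast and a gateway")
    return net.broadcast_address - 1

def _norm(name):
    # DNS names are case-insensitive; ignore the trailing root dot.
    return name.rstrip(".").lower()

def audit_pool(first, last, a_records, ptr_records):
    """Map each pool address with inconsistent DNS to a description.

    a_records:   hostname -> IP string (forward zone)
    ptr_records: IP string -> hostname (reverse zone)
    """
    forward = {_norm(n): ip for n, ip in a_records.items()}
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    problems = {}
    for n in range(int(start), int(end) + 1):
        ip = str(type(start)(n))
        ptr = ptr_records.get(ip)
        if ptr is None:
            problems[ip] = "no reverse lookup"
        elif _norm(ptr) not in forward:
            problems[ip] = "reverse name has no forward lookup"
        elif forward[_norm(ptr)] != ip:
            problems[ip] = "forward lookup returns " + forward[_norm(ptr)]
    return problems

# Constructed sample zone data (documentation range, not a real network).
SAMPLE_A = {
    "dhcp-100.example.test": "192.0.2.100",
    "DHCP-101.example.test.": "192.0.2.101",
    "dhcp-104.example.test": "192.0.2.140",   # typo in the forward zone
}
SAMPLE_PTR = {
    "192.0.2.100": "dhcp-100.example.test",
    "192.0.2.101": "dhcp-101.example.test",
    "192.0.2.103": "dhcp-103.example.test",   # no A record exists
    "192.0.2.104": "dhcp-104.example.test",
}

if __name__ == "__main__":
    print("gateway:", conventional_gateway("192.0.2.0/24"))
    for ip, why in audit_pool("192.0.2.100", "192.0.2.104",
                              SAMPLE_A, SAMPLE_PTR).items():
        print(ip, why)
```

In practice the two dictionaries would be filled from a zone transfer or the DHCP server's lease database rather than typed in by hand.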