
Bridge: admin interface security



The recent discussion about bridges and IP addresses caused me to wonder if an admin interface really adds to the security of the bridge when one decides to assign a private IP address to it. In both cases one most likely would use a private (non-routable) IP address. Also in both cases one would block private IP addresses from the external interface. (See below for a silly ASCII drawing of the setup.) To be useful the admin interface most likely is connected to the same LAN as the internal interface.

So in both cases one cannot access the interface with the private IP address from the outside without first having gone through the firewall. Once inside they are just as equally vulnerable. So what am I missing that makes the usage of an admin interface better?


Without admin interface:

    | external without IP address
+--------+
| bridge |
+--------+
    | internal with private IP address


With admin interface:

    | external without IP address
+--------+
| bridge |
+--------+
  |    | internal without IP address
  |
  | internal admin interface (with private IP address)