Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Private IPs more secure?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Private IPs more secure?

Hi,

When sending data between to VPSs in a center, are private IP addresses more secure than sending between the public IP of the same computers? Is it harder for a 3rd party to look at the contents of the data going between the two VPSs (say a mysql connection).

I guess I am thinking that when transferring between private IPs, it never leaves the local network, so that adds some security?

-Adam

Comments

  • SpartanHostSpartanHost Member, Host Rep

    The traffic would never leave the local network when going between the public IPs either as the route between the VPS's would be in the local router's routing table.

  • Yup it's more secure, but you still need to setup lock down un used port. Some other people on same DC might able scan the private IP range.

    Bind your IP to private IP too, since by default mysql listening on all ips

  • jarjar Patron Provider, Top Host, Veteran

    Consider it no more secure and take the same precautions you would if it were public. It's still passing through shared network equipment no matter what.

  • hostdarehostdare Member, Patron Provider

    Private IPs still can get attacked by someone within the local network ,so number of attacks will decrease but do not get lazy and keep your server protected by using firewall or blocking unused ports .

  • pbgbenpbgben Member, Host Rep

    In the sense that its private? No, I would still use full protection for passwords etc, no point having default PW on mysql install but only limiting to 10.10.10.0/24 as people have mentioned above its possible for someone to set a static on their box to one in your range and get into the server.

    providing the host has no protection against that, even if they do you should keep things secure.

  • ClouviderClouvider Member, Patron Provider

    @jarland said:
    Consider it no more secure and take the same precautions you would if it were public. It's still passing through shared network equipment no matter what.

    One could ask DC to setup a dedicated VLAN for that traffic, but again it doesn't mean one shouldn't worry about security of that link.

  • IkoulaIkoula Member, Host Rep
    edited March 2017

    To me data exchange between two computers on a private network can't be seen by an external machine.

    But that does not mean your database server for exemple is invulnerable because it does not have routes to internet.

    You have to secure this machine anyway because if the other servers on your private network are compromised it will be at risk.

  • Depends on how you define "secure". Seen from the usual security perspective it's simply irrelevant. However, as private IPs aren't routed, one might consider it in some way as more secure.
    I personally think that the question is moot anyway as you will have to use public IPs anyway and private IPs are merely an internal thing, e.g. when using a VPN.

  • raindog308raindog308 Administrator, Veteran

    @bsdguy said:
    I personally think that the question is moot anyway as you will have to use public IPs anyway and private IPs are merely an internal thing, e.g. when using a VPN.

    I think OP is referring to providers who offer rfc1918 network addresses so you can talk locally between your boxes in the same DC.

  • jhjh Member

    127.0.0.1 is the most secure IP. I recommend it.

  • daffydaffy Member

    Also, don't forget to drop 0.0.0.0/0 in iptables.

  • raindog308raindog308 Administrator, Veteran

    @jh said:
    127.0.0.1 is the most secure IP. I recommend it.

    I dunno, seems like a porn site.

    Oh wait, that's...(blush)

    Thanked by 1JasperNL
Sign In or Register to comment.