RE: [cobalt-security] OT: Are computers with 192.168.x.x safe fro m Internet?

["Vachon, Scott" <Scott.Vachon@xxxxxxxxxxxxxx>]

>However, what I am really afraid of is if it would even be remotely
>conceivable to have a hacked linux machine with physical cable  connection
>to the private network to infiltrate the private NT machines with
>192.168.x.x addresses. 

It is conceivable. Given enough time and a little knowledge of the devices
you are using you "could" be hacked. We all could.

>My original question was somewhat of an academic curiosity.  Since IP
>packets wiht private IP addresses are not supposed to be routable, my
>question was if computers with just private IP address can ever be reached
>by hackers.  One possible way, although I don't know how, might be if
>someone hacks into public IP machine and somehow reach into private IP
>machines.

Well, if everyone is following the rules then we can say the private IPs are
not "publicly" routable. Although a router mis-configuration could cause
this to not hold true. Thankfully most folks don't have this problem. You
stated you are using filtering but, are you using a separate firewall as
well ? My experience has found that a multi-layer approach is better. I
prefer to utilize firewalls, access-lists, and VLANs to limit and
sectionalize traffic into and out of, my private networks. I also ensure
that I turn off all services that are not necessary for business. And of
course, patch,patch,patch.
You can't 100% lock down your network. Your goal should be to make it
painfully time consuming and difficult for someone to hack in. I think you
will find that most of the riff-raff out there likes to follow the path of
least resistance and will pass by a hardened target.

Two sites you should check out: www.securityfocus.com, and
www.antionline.com . I also recommend checking out the hacker sites, which
will help give you perspective on their thinking and reasoning. Human
engineering works both ways !

~S~

Disclaimer: My own two cents.