How to follow IP changes in LAN to avoid remote connectivity issues

I’ve set up remote access to a computer and had to enter the authorized IPs which can connect remotely to the computer. These IPs change from time to time and I have no control over that, so every time they change I have to go update the authorized IPs list. Usually, a user will let me know that the connection failed.

Is there a way to somehow track this IP changes (happening on a company’s LAN) so I can proactively update my list instead of having to wait until the connection fails to go and see what the new IP is ?

If it’s not possible, how is this usually handled by IT security professionals ?

Go to Source
Author: Trusky

Can a router be configured from outside the local network?

My router can be configured by going to 192.168.1.1:80 when connected either by WiFi or by Ethernet cable.
Can the same configuration web interface be accessed from the external interface (the public IP of the router)?

Some background:
I have a “Technicolor TD5130” and I wanted to change the default password that the ISP preconfigures. But even after changing the password, the default weak password for some weird reason still works. So I’m wondering if someone can access the router configuration if they can’t initially connect to the router through Ethernet nor WiFi.

Go to Source
Author: RationalFragile

Are there security reasons for prohibiting universal mac address modification?

Background

In a standard 48-bit MAC address, the 7th (most significant) bit specifies whether it is a universally-administered address (UAA) or a locally-administered address (LAA).

If it is 0, then the MAC address is a UAA and the first 24-bits are the organizationally-unique identifier (OUI) of the manufacturer of the network interface card (NIC).

If it is 1, then the MAC address is just an LAA.

Question

Many drivers and NIC’s often allow users to modify the MAC address of their device.

But, it seems Windows does not allow modifying mac addresses to universal ones (i.e., UAA’s): https://superuser.com/questions/1265544/

What is the reason for this restriction? Are there security implications if this was not the case? Or, perhaps, is this merely just to prevent someone from spoofing a device as some legitimate company’s network communications product? (to their ISP)

Go to Source
Author: ManRow

Does a LAN to LAN with different subnet configuration is secure?

I plan to implement the following network configuration :

Internet [(cable A)]

Router A
(192.168.0.x)[(WAN:cable A)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]

Router B
(192.168.1.x)[(WAN:)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]

The first LAN port of router A is connected into the first LAN port of router B, but both routers are in a different subnet.

Usually, when I setup two routers together, I do a double NAT configuraton (LAN to WAN) or a LAN to LAN in the same subnet.

I know the following facts:
In a double NAT configuration such as this one,

Internet [(cable A)]

Router A
(192.168.0.x)[(WAN:cable A)(LAN1:cable B)(LAN2:)(LAN3:)(LAN4:)]

Router B
(192.168.1.x)[(WAN:cable B)(LAN1:)(LAN2:)(LAN3:)(LAN4:)]

Hosts from router B can communicate with hosts from router A.
Hosts from router A can’t communicate with hosts from router B.

In a LAN to LAN in the same subnet configuration, any hosts can communicate to any. It’s the same subnet.


In the network configuration I plan to implement, LAN to LAN but in a different subnet, I noticed that hosts from both network can’t be reached. Is this a secure way to isolate networks, at least better than double NAT ?

The connected router B gets an IP address in the router A subnet (192.168.0.x).

Also, I did not have to define any static routes to get internet access, I have difficulties to understand how this is possible since router A gateway does not ping.

Go to Source
Author: pmbonneau