Showing results for 
Search instead for 
Did you mean: 

which IP address scheme is the most secured?

Level 1
Level 1

Assume Wifi infrastructure user and management port use the same class A <- user use or management use if most secured? <- user use or management use if most secured?

which should be and should not be used for user IP address and management port IP address?

if more secured , does it mean user can only use more specific IP address and more narrow and smaller set of IP address subnet?

7 Replies 7

@Maivakov hi, my personal advice is, there is nothing called most secured IP range. all IPs are scannable if you allowed access. use ACL, Firewalls, VLANs to isolate your network according to trust level. use zero trust model.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck

Leo Laohoo
Hall of Fame
Hall of Fame

There is no such thing as a "secured IP address scheme".

Even air-gapped network get compromised.

But, which assignment of choices of IP address scheme can give more difficulty to invaders ?

Security doesn't come from a certain IP addressing scheme like @Kasun Bandara and @Leo Laohoo pointed out. It really comes from the policies you have in place, like the password policy, and from the hardware and software tools you use enforce the security policies and also report on security events.

Regards, LG
*** Please Rate All Helpful Responses ***

@Maivakov wrote:

But, which assignment of choices of IP address scheme can give more difficulty to invaders ?

(Obviously someone did not read my response.)

Oh, my sweet summer child.  You know nothing about the cold.

I'm going to have to be very brutal:  Whoever gave the statement "what is the most secure IP address" has provided a trick question to test someone's "mettle". 

Even a standalone machine, a machine without an IP address, can get compromised.

Rich R

@Maivakov I think you're missing the point of all the replies - there is no IP range that is "more secure" than another range.

There are a bunch of arguments you could make to try to argue that one way or another but they're all ultimately rubbish (smoke and mirrors) because they make no difference at all to a determined intruder.  It goes without saying that your management and users should be in separate VLANs and on separate subnets, but which subnet you use makes little difference.  Ideally management should be completely out of band and completely inaccessible to WiFi users.  You can use features like "DHCP required" to ensure wireless users only get IPs from the WiFi subnet and unicast RPF on the next hop (default gateway) router to absolutely exclude IP spoofing from those users.  That should be combined with every other security feature (including ACLs and firewalls and the other things mentioned above) to achieve what's known as defence in depth.  This means you don't rely on any single feature or protection mechanism, you assume any of them can be compromised, so you use all you have available so that even if one or some are compromised the rest continue to provide protection at every level possible.  That's how you make it "more difficult" for an intruder.

I am not penetration tester, I am confused that there are no routing between two different subnet, how come this possible?

which network course teach air gapped network can also be invaded ?

Review Cisco Networking for a $25 gift card