[13] RFC 1918 Private Address Space
By:
Prasanna
|
๐ Topic: RFC 1918 Private Address Space
Domain: D6 โ Security Engineering
Tags: #cissp
๐งพ Definition
RFC 1918 defines the private IPv4 address ranges that are intended for internal networks and are not globally routable over the Internet. These ranges are commonly used inside organizations and behind NAT.
๐ Key Points
- Private IPv4 ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
- RFC 5737 defines documentation ranges that should not be used for production.
- Private addresses require NAT or firewalling for Internet access.
- Network segmentation and filtering should prevent accidental exposure of private ranges.
โ ๏ธ CISSP Insight
- Private addressing is a basic network design concept, but it must be carefully controlled to prevent leakage and misconfiguration.
- Not every non-public address is automatically secure; proper filtering and routing still matter.
โ๏ธ Key Difference / Trap
- RFC 1918 vs public IPs
- RFC 1918 = private and non-routable on the public Internet
- Public IPs = globally routable
- Private does not mean protected
- Internal networks still need access control and monitoring
๐๏ธ Example
An internal office network uses 192.168.1.0/24 for employee devices, while the Internet-facing firewall translates the traffic to a public IP address.
๐ References
- RFC 1918, Address Allocation for Private Internets
- RFC 5737, IPv4 Address Blocks Reserved for Documentation
- RFC 2663, IP Network Address Translation (NAT) Terminology
๐ Quick Recall
- RFC 1918 = private IPv4 space
- 10/8, 172.16/12, 192.168/16 = common private ranges