Static IP frim ISP more secure than dynamic IP

Hi,

Are there any advantages security wise, of having a static IP as opposed to dynamic, from an internet service provider for home office use?

By the way plase excuse my spelting in title, I have not had enough coffee this am.

 

The way it reads you would think that a dynamic ip is more secure because it changes with each session. However without good firewall protection they can both be just as vulnerable.
Just my opinion and only my opinion if you had a static ip, someone who was really determined to find you and cause you damage has a better chance of doing so because your ip never changes and they have more time to work on getting past your security.
I had a static ip address for years and never had a breach but that was the luck of the draw, I always had a good firewall program. Now my ip is dynamic but I still have a good firewall program so I don't notice any difference.

There are many opinions on this topic so hang on and some other people will probably post there experience and experiences on this subject..

 

Buggabear is right about that. Other than that really, there is no security benefit to having a static ip versus dynamic. If someone gets on your network, even your public subnet, there is no security benefit. All someone needs to know is what network subnet youre on, assign themselves an IP accordingly that doesnt conflict, and theyll be able to communicate with you regardless of what assigned your IP. The rest is up to you; firewalls, AV, safe browsing/downloading will directly affect your network security.

 

OK since there seems to be no local advantage or dis advantage one way or another for a static IP, that brings me to another question.

Would a static IP be a security benefit (or risk) for one who logs on via the static ip connection, to a remote server via SSH via either putty or SFTP or SCP, as far as remote server security/firewall settings are concerned?

 

there is no real security benefit. if someone gains access to your network, it doesnt matter if your ip is assigned static or dynamic. a better understanding of IP addressing might shed some light on that subject. quick run down:
given the private ip address of 192.168.0.5 with the subnet mask of 255.255.255.0.
192.168.0 is the network that address is on, think of that as the block your house is on. Think of your house as 5. combined, you are 192.168.0.5 and anyone on the 192.168.0 network can see you unless your door is locked. doesnt matter if you say your address is 192.168.0.5 or if someone else(your isp) says so.

a static IP might be of benefit for managing security through other protocols and software at higher layers, but IP alone has little security.

 

OK,

Then are you saying that if a Linux firewall is set up to reject any remote server connections via secure shell or SFTP or SCP, that are not from a specific IP address, does little or anythig to help prevent hackers from breaking in?

 

well thats what i mean by using other software and protocols to secure your IP. Authentication doesnt necessarily have anything to do with how your IP is assigned. TLS/SSL, SSH operate on a different layer than IP. if you dont use certain application protocols (SSL, SSH), or IPSec even to secure your IP, you have no security. make sense at all?

 

Security is not the only consideration for static v dynamic IP.

1) Static can cost more, depending upon the ISP.

2) If you want video conferencing you really need a static IP for some providers.

3) Modem/routers find it harder to resettle after a line outage on static IP. I find the Zyxel P600 series particulary prone in this respect.

 

A Static IP address is mainly used for web site hosting...remote access and such. TCP/IP protocol is a communication standard and doesn't really have any security to it. SSL/SSH/IPsec are all different protocols that are used to make TCP/IP more secure. We always want to say "more" secure, because nothing is really secure.

If we use the same house example above...the static IP address is an address that doesn't change. Your firewall...natting router...etc. Acts like the locks on your front door, fence, and doorman deciding who to let in and out.

The advantage to a dynamic IP is that it MAY change depending on the lease time of the host. If there is a long lease time then your IP address may never change. But if you were to disconnect from the host for longer than the lease time, the IP address is released back into the pool to be handed back out again.

Really, it depends on what you are wanting to do with your network whether a Static/Dynamic IP address would better suite your needs. I am the local IT support for a local ISP...trust me someone has tried to hack your DSL/CableModem today...static IP or not.