Security Basics mailing list archives
RE: One computer two different networks
From: "Andrew Aris" <andrew () dev bigfishinternet co uk>
Date: Wed, 11 Oct 2006 09:18:34 +0100
This would appear to work - but it doesn't. It would be an horrendous idea from a security point of view, when on the "internet" network the machine would be much more open to various threats that might compromise the machine. This leaves you in a position where potentially compromised machines are constantly dipping into the "secured" network, handling some sensitive information and then rejoining the "internet" network allowing any potential malware to potentially "phone home" with data collected from the "secured" network - machines that do this would have to be considered no more secure than the "internet" network itself which would defeat the whole idea.

If you are going to use the same physical machine for both networks then the operating environments need to be completely separated - the three major ways of doing this would be to either have a terminal server located in a DMZ providing the necessary functionality, a virtualised environment (such as VMware or Virtual PC) bound to a second NIC, or live boot CD (such as Bart PE if you are in a Windows environment).

Personally I would go for a virtual machine since doing it this way means no reboots (a failing of the live CD option) and if you set it up not to keep any persistent state from the sessions you eliminate most future maintenance on them since regardless of what malware etc they pick up it will all be gone the next time the virtual machine is restarted.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jamie Wareham
Sent: 10 October 2006 19:20
To: Santiago Barahona
Cc: security-basics () securityfocus com
Subject: RE: One computer two different networks

I have set up a dual network situation similar to what you need. This is how I accomplished the task.

Set up separate networks (diff. IP ranges, server, switches, etc.). Then, you would run cabling from each network to a dual port outlet installed near each workstation and should be easily accessible for the user.

Now, the user simply "unplugs" and "plugs" into the target server's wall outlet and runs a batch file (which the admin puts in their desktops) that runs a brief DHCP release/renew process and maps needed drives "on the fly". When they are done, just "plug" back into the other outlet and run the batch file again.

Works like a charm.

J~

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Santiago Barahona
Sent: Tuesday, October 10, 2006 10:04 AM
To: security-basics () securityfocus com
Subject: One computer two different networks

Hi all,

(First of all I want to apologise if I am misplacing this question, if so I'd appreciate if anyone could point me to the right direction)

So here is the situation: We have about 250 computers that are isolated in a high-security network, we want to give internet access to those computer users without compromising the secured network... of course our first thought is to buy 250 computers so the users can switch between computers (one for the secure network, one for internet)... but that might not be the most practical solution...

So, I've been looking around and I've found a product called DATAGATE, from Tenix which works as a "Data Diode"... looks interesting... but I'd like to have a second opinion...

Does anyone know about other products or techniques on how to accomplish this??

thanks!

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
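
Added example, not part of the original message or the thread: a Python check of a VMware .vmx file for the properties the reply asks of the virtual-machine option, namely a guest attached only to the second NIC and no persistent state between sessions. The sample file, the function names and the VMnet2 name (assumed to be bridged to the second NIC in the host's virtual network settings, which the .vmx alone cannot confirm) are constructed for illustration.

```python
import re

# Constructed sample .vmx for the internet-facing guest (not from the thread).
SAMPLE_VMX = """\
displayName = "internet-guest"
scsi0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "internet-guest.vmdk"
scsi0:0.mode = "independent-nonpersistent"
scsi0:1.present = "TRUE"
scsi0:1.fileName = "scratch.vmdk"
ethernet0.present = "TRUE"
ethernet0.connectionType = "custom"
ethernet0.vnet = "VMnet2"
sharedFolder0.enabled = "TRUE"
"""

ENTRY = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
DISK = re.compile(r"(scsi|ide|sata|nvme)\d+:\d+")

def parse_vmx(text):
    """Return the key = "value" pairs of a .vmx file, keys lower-cased."""
    pairs = (ENTRY.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in pairs if m}

def audit(cfg, internet_vnet):
    """List settings that break the separation the message asks for."""
    findings = []
    devices = sorted(k[:-len(".present")] for k, v in cfg.items()
                     if k.endswith(".present") and v.upper() == "TRUE")
    for dev in devices:
        if DISK.fullmatch(dev):
            if "cdrom" in cfg.get(dev + ".devicetype", ""):
                continue  # optical drives hold no session state
            if cfg.get(dev + ".mode") != "independent-nonpersistent":
                findings.append(f"{dev}: disk keeps state between sessions")
        elif re.fullmatch(r"ethernet\d+", dev):
            if cfg.get(dev + ".vnet", "").lower() != internet_vnet.lower():
                findings.append(f"{dev}: not attached to {internet_vnet}")
    for key, val in sorted(cfg.items()):
        if re.fullmatch(r"sharedfolder\d+\.enabled", key) and val.upper() == "TRUE":
            findings.append(f"{key.split('.')[0]}: host folder exposed to guest")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_vmx(SAMPLE_VMX), "VMnet2"):
        print(finding)
```

On the constructed sample this reports the second disk, which has no nonpersistent mode set, and the enabled shared folder.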
Current thread:
- One computer two different networks Santiago Barahona (Oct 10)
- Re: One computer two different networks Ansgar -59cobalt- Wiechers (Oct 10)
- RE: One computer two different networks Jamie Wareham (Oct 10)
- RE: One computer two different networks Andrew Aris (Oct 11)
- RE: One computer two different networks Marc (Oct 10)
- RE: One computer two different networks Dan Tesch (Oct 10)
- Re: One computer two different networks sami seclist (Oct 10)
- RE: One computer two different networks David Gillett (Oct 10)
- Re: One computer two different networks Raoul Armfield (Oct 10)
- Re: One computer two different networks Santiago Barahona (Oct 11)
- Re: One computer two different networks Andrew Hay (Oct 11)
- RE: One computer two different networks Ray Sawyer (Oct 11)
- RE: One computer two different networks Corey Watts-Jones (Oct 11)
- Re: One computer two different networks Ed (Oct 11)
(Thread continues...)