Re: Allow second Internet connection into Office Space?

From: Alexandros Papadopoulos (apapadop@cmu.edu)
Date: 10/11/02


To: Chris Hylen <chris.hylen@unigard.com>, security-basics@securityfocus.com
Date: Thu, 10 Oct 2002 23:52:25 -0400



On Wednesday 09 October 2002 11:31, Chris Hylen wrote:
> Security Pros:
>
> A group of my programmers want to have a DSL connection put in their
> testing area so they can simulate end user experience across the Internet.
> I have concerns with this and am curious if anyone else has found a good
> solution to provision their business requirement without putting the
> network at risk.
>
> I know I haven't gone into enough detail for an EXACT solution but
> in general if anyone has any "tips" I'd appreciate it. Thanks!

Well, you're probably looking at one dedicated box that does NAT/firewalling
and sits between the DSL and the rest of your network. All other boxes rely
on this one box to secure them, so there's no pressing need for
reconfiguration of the internal network.

If you want to be 100% safe of course, you would disconnect the clients not
needing internet access and physically connect only a few boxes to the one
with the DSL line, thus putting a limited part of your network "at risk". See
how that goes, and then you can make the big step and allow (regulated)
internet traffic to flow through your entire network.

-A
--
http://www.andrew.cmu.edu/~apapadop/pub_key.asc
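
The dedicated NAT/firewall box described in the reply above, sketched as an added example that is not part of the original message: a shell function that emits an `iptables-restore` ruleset which masquerades the inside hosts out the DSL line and drops everything unsolicited coming back. The interface names, the subnet and the function name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): print an iptables-restore
# ruleset for a dedicated NAT/firewall box on a DSL line.
# Usage: sh dsl-gw.sh ppp0 eth1 192.168.50.0/24 | iptables-restore

gen_dsl_gateway_rules() {
    wan_if=$1      # interface facing the DSL modem (assumed name, e.g. ppp0)
    inside_if=$2   # interface facing the protected machines (assumed, e.g. eth1)
    inside_net=$3  # subnet behind the box (constructed, e.g. 192.168.50.0/24)

    if [ -z "$wan_if" ] || [ -z "$inside_if" ] || [ -z "$inside_net" ]; then
        echo "usage: gen_dsl_gateway_rules WAN_IF INSIDE_IF INSIDE_NET" >&2
        return 2
    fi
    # One interface for both sides means there is no boundary to enforce.
    if [ "$wan_if" = "$inside_if" ]; then
        echo "error: WAN and inside interfaces must differ" >&2
        return 1
    fi

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $inside_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $inside_if -o $wan_if -s $inside_net -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "dsl-gw-drop: "
COMMIT
EOF
}

# Run as a script with three arguments to print the ruleset.
if [ "$#" -eq 3 ]; then
    gen_dsl_gateway_rules "$@"
fi
```

With both default policies set to DROP, the box itself accepts no new connections from either side, so it is administered from the console unless a management rule is added.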