RE: Internal POP3 users

From: Steve McLaughlin (
Date: 03/04/04

    To: <>
    Date: Thu, 4 Mar 2004 18:26:16 +1100

    You could put a second network card in, and use this as the only
    connection to their network, then assign a scope with DHCP for their
    network and assign it to their interface only.

    You could also use port filtering to block all traffic in both directions
    except DHCP traffic.

    Also remove any routes to and from the new interface.

    This will create 2 separate broadcast domains, so all your packets will
    stay on your side of the fence.

    With a little obscure security on top of that...

    I'm guessing what your topology looks like here.

    steve mclaughlin | enlite technology®
     (MCSE:Security, CCNA, Security+, A+, Network+, Server+)

    -----Original Message-----
    From: Christopher Herrmann []
    Sent: Wednesday, 3 March 2004 12:01 PM
    To: Security-Basics (E-mail)
    Subject: Internal POP3 users


    I have a number of users sharing our Internet connection who do not
    authenticate to my NT network (they are, to all intents and purposes,
    different companies in the same building). However they all use the same
    DHCP service (from my NT server). This is a major security concern. What
    are some of the ways I might separate the traffic generated on their
    machines from my main network?
    I understand segmentation is one option, but how do I distinguish between
    those machines? Should I move the DHCP to the router for instance?

    Any ideas would be welcome.

    Christopher Herrmann
    IT Manager
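
The layout suggested in the reply (second interface, a DHCP scope bound only to it, a DHCP-only port filter, no routes across) can be written down as a plan and checked before it is deployed. This is an added example, not part of either message; the interface names, addresses and plan format are assumptions constructed for illustration.

```python
import ipaddress as ip

DHCP_PORTS = {("udp", 67), ("udp", 68)}  # DHCP server and client ports

def audit(plan, isolated):
    """Return findings for the isolated interface; an empty list means the plan holds."""
    findings = []
    nets = plan["interfaces"]
    iso_net = nets[isolated]
    # Two broadcast domains need non-overlapping subnets.
    for name, net in nets.items():
        if name != isolated and net.overlaps(iso_net):
            findings.append(f"subnet overlap: {name}/{isolated}")
    # Each DHCP scope must fall inside the subnet of the interface it is bound to.
    for pool, bind in plan["dhcp_scopes"]:
        if not pool.subnet_of(nets[bind]):
            findings.append(f"scope {pool} bound to wrong interface {bind}")
    # Only the directly connected route may involve the isolated interface.
    for dest, iface in plan["routes"]:
        if (iface == isolated) != dest.subnet_of(iso_net):
            findings.append(f"route {dest} via {iface} crosses the boundary")
    # Port filter: default deny, and nothing allowed except DHCP.
    flt = plan["filters"][isolated]
    if flt["default"] != "deny":
        findings.append("filter default is not deny")
    for action, proto, port in flt["rules"]:
        if action == "allow" and (proto, port) not in DHCP_PORTS:
            findings.append(f"filter allows {proto}/{port}")
    return findings

# Constructed sample plan; names and addresses are assumptions.
OFFICE, TENANT = ip.ip_network("192.168.10.0/24"), ip.ip_network("192.168.20.0/24")
GOOD = {
    "interfaces": {"office": OFFICE, "tenant": TENANT},
    "dhcp_scopes": [(OFFICE, "office"), (TENANT, "tenant")],
    "routes": [(ip.ip_network("0.0.0.0/0"), "office"), (OFFICE, "office"), (TENANT, "tenant")],
    "filters": {"tenant": {"default": "deny",
                           "rules": [("allow", "udp", 67), ("allow", "udp", 68)]}},
}
# Same plan with a leftover cross route and POP3 allowed on the tenant side.
BAD = dict(GOOD,
    routes=GOOD["routes"] + [(OFFICE, "tenant")],
    filters={"tenant": {"default": "deny",
                        "rules": GOOD["filters"]["tenant"]["rules"] + [("allow", "tcp", 110)]}})

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(plan, "tenant") or "no findings")
```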

