RE: Internal POP3 users

From: Steve McLaughlin (steve_at_Lan.com.au)
Date: 03/04/04

  • Next message: removeDPovilaitis_at_lb.lt: "Re: Crypto Book Recommendations?"
    To: <security-basics@securityfocus.com>
    Date: Thu, 4 Mar 2004 18:26:16 +1100
    
    
    

    You could put a second network card in, and use this as the only
    connection to their network, then assign a scope with dhcp for their
    network and assign it to their interface only.

    You could also use port filtering to block all traffic in both directions
    traffic except dhcp traffic.

    Also remove any routes to and from the new interface.

    This will create 2 separate broadcast domains, so all your packets will
    stay on your side of the fence.

    With a little obscure security on top of that...

    Im guessing what your topology looks like here.

    steve mclaughlin | enlite technologyR
     (MCSE:Security, CCNA, Security+, A+, Network+, Server+)

    -----Original Message-----
    From: Christopher Herrmann [mailto:CHerrmann@oddfellows.com.au]
    Sent: Wednesday, 3 March 2004 12:01 PM
    To: Security-Basics (E-mail)
    Subject: Internal POP3 users

    Hi,

    I have a number of users sharing our Internet connection who do not
    authenticate to my NT network (they are to all intents and purposes,
    different companies in the same building). However they all use the same
    DHCP service (from my NT server). This is a major security concern. What
    are some of the ways I might separate the traffic generated on their
    machines from my main network?
    I understand segmentation is one option, but how do I distinguish between
    those machines? Should I move the DHCP to the router for instance?

    Any ideas would be welcome.

    Christopher Herrmann
    IT Manager

    ========================================================================
       This message has been scanned for spam & viruses by Mail Sleuth.
       To report SPAM forward the message to: spam@mailsleuth.com.au
       Mail Sleuth www.mailsleuth.com.au
    ========================================================================

    --------------------------------------------------------------------------
    -
    Free 30-day trial: firewall with virus/spam protection, URL filtering,
    VPN,
    wireless security

    Protect your network against hackers, viruses, spam and other risks with
    Astaro
    Security Linux, the comprehensive security solution that combines six
    applications in one software solution for ease of use and lower total cost
    of
    ownership.

    Download your free trial at
    http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
    --------------------------------------------------------------------------

    --
    
    



  • Next message: removeDPovilaitis_at_lb.lt: "Re: Crypto Book Recommendations?"