RE: One computer two different networks



Santiago Barahona wrote:
Hi all,

(First of all I want to apologise if I am misplacing this question,
if so I'd appreciate if anyone could point me to the right direction)

So here is the situation:

We have about 250 computers that are isolated in a high-security
network, we want to give internet access to those computer users
without compromising the secured network...of course our first
thought is to buy 250 computers so the users can switch between
computers (one for the secure network, one for internet)... but that
might not be most practical solution...

So, I've been looking around and I've found a product called
DATAGATE, from Tenix which works as a "Data Diode"... looks
interesting... but I'd like to have a second opinion...

Does anyone know about other products or techniques on how to
accomplish this??

thanks!

I think if you do grant internet access, your network would no longer be
considered "high-security". However, what about a Terminal Server in a
DMZ with only http and https egress access? If in a Windows
environment, you can force their user profile to run only your web
browser of choice with access to nothing else but your web browser. Of
course, you'll still have the link between your "high-security" network
and a single box outside of there, but you will be able to provide
internet access to your users and still mitigate the risks to your
network.

Comments, Opinions?

JMB

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------