RE: One computer two different networks



My immediate thought is.... TWO computers.

You have a private network with no Internet for the reason that you do not want the data on that network or on those PCs accessible to an attacker.

If the PCs are on the Internet using a second network card in each computer, they are just as vulnerable as any normal computer, therefore, your network is just as vulnerable as any normal network.

If the Internet is routed directly over this network, you can secure it via NAT and Firewalls, and this seems to me to be your best bet, but there are always attack vectors that can be used when a computer is on a public network.

If your private network is truly "high-security", you cannot connect anything on it to a public network. Period. For example, the storage of TOP SECRET data according to DoD cannot be stored on a computer that has any sort of access to public networks. It has to be PHYSICALLY isolated from those networks.

So exactly how "high-security" is your network and exactly how much security can you compromise by adding Internet traffic to the mix?

Eric


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx]On Behalf Of Santiago Barahona
Sent: Tuesday, October 10, 2006 8:04 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: One computer two different networks


Hi all,

(First of all I want to apologise if I am misplacing this question, if so
I'd appreciate if anyone could point me to the right direction)

So here is the situation:

We have about 250 computers that are isolated in a high-security network,
we want to give internet access to those computer users without
compromising the secured network...of course our first thought is to buy
250 computers so the users can switch between computers (one for the
secure network, one for internet)... but that might not be the most practical
solution...

So, I've been looking around and I've found a product called DATAGATE,
from Tenix which works as a "Data Diode"... looks interesting... but I'd
like to have a second opinion...

Does anyone know about other products or techniques on how to accomplish
this??

thanks!


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

