Re: Public/Private network split.
From: J. M. L. (freaknightproductions_at_yahoo.com)
Date: 02/03/04
Date: 3 Feb 2004 12:13:47 -0800
Thank you for everyone's replies… I am a bit confused, but feel a
little more confident.
To address several points raised by BLH… User behavior falls outside
the scope of the security I am trying to set up … P2P bandwidth stuff
can be cracked down on by blocking ports, if I'm not mistaken… If I
only open up port 80, that means that the only IP application would be
web browsers. I've raised the same concerns you have had with the
owner, and if there proves to be a problem down the road, he will
remove the service, or create user agreements, and MAC address
registration, or some other arrangement.
The only thing I am currently trying to address is the security of the
staff computers on the network.
Since my suggested setup wasn't clear, let me do it again.
_________________________________________________
ISP
|
| - Phone Line
|
ADSL MODEM (ISP UPLINK, PPPOE single IP address)
|
|-ethernet cable
|
{Linksys Broadband Router (192.168.1.xxx)}
| | | |- ethernet cables
| {Various staff computers/switches}
|
|-ethernet cable
|
{As yet to be determined Router with wireless access point --
192.168.2.xxx}
| | | | -802.11b
| | | |
Various public wireless clients
_________________________________________________
Okay… I understand that you can't filter out ethernet packets… that's
the transport that the TCP/IP protocols are piggybacked on… However,
I thought that if you used a router or switch, you could prevent
people from sniffing and spoofing packets from one side of the switch
to the other, or at least make it orders of magnitude more difficult.
When I asked if I was getting the kind of security I thought I was
with the above arrangement, this is what I was referring to.
Is there a box out there that fits into the above diagram, that is
configurable enough to do lock down, and give me that type of
security? I don't want people on the wireless .2 network to sniff
packets and see what kind of equipment I am running, or do port scans
on the equipment on the .1 network.
I know I could set up a Linux box with a dual NIC and have a
firewall, routing, etc. under Linux, except that falls outside the
scope of my expertise… It's got to cost under $200, and have less than
10 hours of setup time (tweaking and configuring router, testing
security, etc.) and it's gotta just run without administration once it
is in place.
Obviously not all consumer grade Broadband routers are created equal…
I've used Linksys and SMC equipment in the past, and been happy enough
in my home network environments. Office/enterprise grade equipment is
fine, as long as I can figure out how to configure it, and it meets my
price point. Any recommendations on specific hardware or critiques of
the above diagram are definitely appreciated.
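
Added example, not part of the original post: a first-match filter evaluator for the router that sits between the .2 and .1 networks in the diagram, showing that a port-80-only rule alone still forwards wireless clients to port 80 on staff machines unless 192.168.1.0/24 is denied first. The rule format, probe addresses and function names are constructed for illustration and are not any particular router's configuration syntax.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "ACCEPT" or "DROP"
    dst: str               # destination network in CIDR form
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dport: Optional[int]   # destination port, or None for any port


def decide(rules, dst_ip, proto, dport, default="DROP"):
    """Return the action of the first matching rule (default deny)."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if addr not in ipaddress.ip_network(r.dst):
            continue
        if r.proto is not None and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return default


STAFF_NET = "192.168.1.0/24"   # staff side of the diagram

# Policy A: "only open up port 80" for traffic leaving the wireless side.
PORT_80_ONLY = [Rule("ACCEPT", "0.0.0.0/0", "tcp", 80)]

# Policy B: deny the staff range first, then allow port 80 elsewhere.
# Internet traffic still works: its destination IP is the remote host,
# not a 192.168.1.x address, even though it transits the staff LAN.
ISOLATED = [Rule("DROP", STAFF_NET, None, None)] + PORT_80_ONLY

# Constructed probes from a wireless (192.168.2.x) client.
PROBES = [
    ("internet web site", "203.0.113.10", "tcp", 80),
    ("staff PC web service", "192.168.1.20", "tcp", 80),
    ("staff PC file sharing", "192.168.1.20", "tcp", 445),
    ("P2P peer", "198.51.100.7", "tcp", 6346),
]


def evaluate(rules):
    """Map each probe name to the action the rule set takes on it."""
    return {name: decide(rules, ip, p, port) for name, ip, p, port in PROBES}


if __name__ == "__main__":
    for label, rules in (("port 80 only", PORT_80_ONLY), ("isolated", ISOLATED)):
        print(label, evaluate(rules))
```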