Re: how much safe if a network is separated?



Hi,
The best would be to physically separate the subnets and connect them
through a firewall router; what can pass depends on how you configure it.
When you have two subnets, but on the same physical network, it depends on
how the incoming connection is filtered, but it's not much security.

VLANs act like physically separated networks, but in fact share the same
physical network infrastructure. If your network equipment supports VLANs,
this would be recommended for cost and flexibility reasons. Once you
separate networks into multiple VLANs, use routing and firewalling to connect
them.

To answer your questions:
1. This depends on what your incoming VPN or firewall permits. However, even
if a user is filtered out of a certain subnet, he can still gain access if
there is an unsecured point in your other network subnet. For instance, he
could connect to a computer that is not well protected and have a go from
there.

2. A short answer is above...

3. That depends on what method you use and how you configure it. When
planning security, remember to evaluate every single point to which someone
can connect when he gets access inside your network through your incoming
connection.

4. Physical subnet separation / VLANs and careful firewall configuration.

Regards,
Lucius


"hellur" <hellur@xxxxxxxxx> wrote in message
news:1142236611.917496.274800@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
For example, there are cases where an internal network is separated
according to departments, such as finance, engineering, human
resources, etc., even though they share the same physical infra.
As far as I know, it could be implemented using subnets or VLANs.

Let's say that an outsider has accessed my internal network
192.168.100.xxx, and I have another network which is 192.168.200.xxx,
and those two networks are separated.
(and both are behind company firewall)

My questions here are:
1. If the outsider has permission to get into 192.168.100.xxx, but he
should be isolated from 192.168.200.xxx, how safe is my network?
2. What methods are available to separate the two networks, and what
are their merits and demerits?
3. How can the outsider break into the 192.168.200.xxx network when
the above (from number 2) methods are implemented?
4. How can I strengthen my network to block the outsider from intruding into
192.168.200.xxx when he has accessed 192.168.100.xxx?


I'm sorry that my questions may not seem clever, but I'm not a network
kind of guy.
And your help would be highly appreciated.
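
The indirect path described in answers 1 and 3 can be checked for in a segmentation policy before it is deployed. The following is an added example, not part of the original posts: the host addresses, the rule lists and the function names are constructed assumptions, and it assumes traffic inside a subnet is unfiltered while traffic between subnets passes only where a firewall rule allows it.

```python
import ipaddress
from collections import deque

# Constructed inventory and firewall policy (hypothetical addresses and rules).
HOSTS = ["192.168.100.50",   # entry point of the permitted outsider
         "192.168.100.10",   # backup server in the same subnet
         "192.168.200.20"]   # host in the subnet that must stay isolated
SUBNETS = [ipaddress.ip_network(n)
           for n in ("192.168.100.0/24", "192.168.200.0/24")]
# (source, destination) pairs the firewall router forwards between subnets.
RULES_WEAK = [("192.168.100.10/32", "192.168.200.0/24")]
RULES_STRICT = []

def subnet_of(ip):
    addr = ipaddress.ip_address(ip)
    return next(n for n in SUBNETS if addr in n)

def can_connect(src, dst, rules):
    """One hop: same subnet is unfiltered; across subnets needs an allow rule."""
    if subnet_of(src) == subnet_of(dst):
        return True
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(rs) and d in ipaddress.ip_network(rd)
               for rs, rd in rules)

def pivot_path(entry, target_net, rules, hosts=HOSTS):
    """Breadth-first search for the shortest host chain from entry into target_net."""
    target = ipaddress.ip_network(target_net)
    queue, seen = deque([[entry]]), {entry}
    while queue:
        path = queue.popleft()
        if ipaddress.ip_address(path[-1]) in target:
            return path
        for nxt in hosts:
            if nxt not in seen and can_connect(path[-1], nxt, rules):
                seen.add(nxt)
                queue.append(path + [nxt])
    return None  # no chain of permitted connections reaches the target

if __name__ == "__main__":
    for name, rules in (("weak", RULES_WEAK), ("strict", RULES_STRICT)):
        print(name, pivot_path("192.168.100.50", "192.168.200.0/24", rules))
```

With the weak rule set the entry host is blocked from 192.168.200.0/24 directly, yet the audit still reports a path through the backup server; with the strict rule set it reports none.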


