 |  |  |  |  |  |  |  |
Isolating one PC in an office
 |
I need to isolate one computer in a small office from the office network - from both NetBIOS networking with other machines and at the IP level. The office is just one of a number of businesses in one building - each office has its own network & internet connection hardware connected to a patchbay in a cupboard - I've already tried some measures to physically isolate the machine in question with some wiring changes, but as soon as the device is plugged into the patchbay, the router that provides the office internet connection appears to connect the whole lot anyway (basic NetGear ADSL router).
We have a Netgear Smartswitch on which I've set up a VLAN to encompass all the machines I do want networked and another VLAN that only includes this one machine and the internet port. I can still ping the other office machines from the `isolated` PC and vice versa even though it can't be accessed via NetBIOS. Is a VLAN strictly a Layer 2 thing, or would a Layer 3 managed switch incorporate VLANs that operate at the IP level too? We have some security requirements to fulfil for a planned project, and until there is money available I can't simply move the isolated PC to its own dedicated internet connection (which is the ideal). I know I could use a firewall and block internal private addresses but if the project takes off, a hardware device that deals with unwanted traffic before it can get to the PC in the first place would be the best option.The PC in question will be used for remote-assistance, accessing other computers over the internet. Any suggestions and insight welcome.
We have a Netgear Smartswitch on which I've set up a VLAN to encompass all the machines I do want networked and another VLAN that only includes this one machine and the internet port. I can still ping the other office machines from the `isolated` PC and vice versa even though it can't be accessed via NetBIOS. Is a VLAN strictly a Layer 2 thing, or would a Layer 3 managed switch incorporate VLANs that operate at the IP level too? We have some security requirements to fulfil for a planned project, and until there is money available I can't simply move the isolated PC to its own dedicated internet connection (which is the ideal). I know I could use a firewall and block internal private addresses but if the project takes off, a hardware device that deals with unwanted traffic before it can get to the PC in the first place would be the best option.The PC in question will be used for remote-assistance, accessing other computers over the internet. Any suggestions and insight welcome.
you can modify the protocol bindings so that certain protocols only work on certain interfaces.
I dit it once (a long time ago) with a windows NT server. Back then , i used IPX for the internal (netware) network card and TCPIP for the internet-facing card, meaning it was more secure as there could be no passthrough at all.
I dit it once (a long time ago) with a windows NT server. Back then , i used IPX for the internal (netware) network card and TCPIP for the internet-facing card, meaning it was more secure as there could be no passthrough at all.
If i am helpful, please give me reputation points.
Thanks for the reply - I've already removed the Windows Networking Client and File & Printer Sharing from the PC in question, disabled NetBIOS over TCP/IP - it doesn't need any connection at all to the internal network. I'll probably end up insisting on a separate router and put the machine in its own subnet, no need for expensive equipment that way....
|
Views: 1264 | Replies: 3
| Thread Tools | Search this Thread |
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for Network Security
2008 adobe advice antivirus apple barackobama blackmail botnet browser business china civilliberties crack crime cybercrime daniweb data database dataloss dataprotection development email emailretention encryption europe exploit facebook forensic fraud gadget gmail google government hack hacker hacking hardware homelandsecurity hotmail ibm identitytheft idtheft information internet iphone kaspersky kernel law linux malware mcafee mckinnon microsoft military mobile nasa nationalsecurity network news obama password passwords paypal pentagon phishing phone politics privacy realplayer report research safari satnav scam search security skype socialnetworking software softwaredevelopment sophos spam sqlinjection survey symantec terrorism terrorist trends trojan twitter uk usb virtualization virus vulnerability web wireless worm yahoo youtube
