RE: Allow second Internet connection into Office Space?

["Kline, Nathan C - CIEP-2" <nckline () bpa gov>]

If the developers are simulating the end user experience in their testing,
then why do they need a LAN at all?  All you need to do is have one machine
not connected to your corporate LAN and have a DSL line set up as if it were
a home user, using the DSL isp etc.  Assuming this is a thin client test,
then no software exchange probably needs to take place.  Perhaps do not even
put a network card in this pc and only use the USB capability of most modern
dsl or cable modems.

--Nathan
  

-----Original Message-----
From: Louis Erickson [mailto:LErickson () ariba com] 
Sent: Monday, October 14, 2002 11:03 AM
To: 'Rapaille Max'; Chris Hylen
Cc: security-basics () securityfocus com
Subject: RE: Allow second Internet connection into Office Space?


One thing which no one has mentioned yet is a variant of this.

Instead of making a connection to the LAN, get the developers removable
media.  2G ORB drives are reasonably affordable and let you move a big chunk
of data back and forth.  They can use their development machines to set up
what they want to test on the removable disk, then stick it in the other
machine for testing.

Make sure all machines involved have good virus protection.  Perhaps
different versions for the internal LAN and the Internet visible one.

Lou Erickson
IT Tools Developer,
Ariba, Inc.

> -----Original Message-----
> From: Rapaille Max [mailto:Max.Rapaille () nbb be]
> Sent: Thursday, October 10, 2002 11:32 PM
> To: Chris Hylen; security-basics () securityfocus com
> Subject: RE: Allow second Internet connection into Office Space?
>
>
> Hi,
>
> You could create a little separate LAN for them  : 
>
> DSL Router --- Firewall (Linux based, on a recup PC) --- TEST LAN 
>
> If the goal is to test the end-user experience, they will 
> probably ask for different OS..  So Why not think about 
> making a little private LAN with Linux, Windows,(Dual 
> Boot/VMWare??).  Just imagine..  I had this kind of 
> requirement for a Web developping Company, and this is what 
> we did.  We knew that the developpers were  not specially 
> Security-Minded, and the Boss was paranoid...
>
> At a first stage, there was NO connection at all with the 
> production LAN, which is the safest solution ..  But as they 
> needed to exchange some file , we connected both LAN via a 
> Firewall, allowing ONLY FTP traffic from Production LAN to 
> Test LAN, using a FTP proxy and a Virus Checking (Trend Micro 
> Viruswall..)=
> So DEV team can work as usual on the Prod LAN,.  want they to 
> test their finding?  Just moving to an other keyboard... 
> without jeopardysing the prod LAN Security... 
>
> Hope this help..
> Should you need more details about the config, just drop me a 
> mail Off list @ info () emmera be
>
> Regards,
>
>
> MAx
>
> -----Original Message-----
> From: Chris Hylen [mailto:chris.hylen () unigard com] 
> Sent: mercredi 9 octobre 2002 17:32
> To: security-basics () securityfocus com
> Cc: CISSP_PNW () yahoogroups com
> Subject: Allow second Internet connection into Office Space?
>
>
> Security Pro's:
>
>       A group of my programmers want to have a DSL connection 
> put in their testing area so they can simulate end user 
> experience across the Internet. I have concerns with this and 
> am curious if anyone else has found a good solution to 
> provision their business requirement without putting the 
> network at risk.
>
>       I know I haven't gone in to enough detail for an EXACT 
> solution but in general if anyone has any "tips" I'd 
> appreciate it. Thanks!
>
> Chris Hylen
> Data Security