Security Basics mailing list archives
Re: looking for a hub or switch that can connect a VPN and apply firewall rules to all ports
From: Justin Mitchell <jgmitchell () gmail com>
Date: Mon, 17 Aug 2009 05:40:10 -0500
On Mon, Aug 17, 2009 at 12:17 AM, Thomas Anderson <zelnaga () gmail com> wrote:

On Sat, Aug 15, 2009 at 5:13 PM, Justin Mitchell <jgmitchell () gmail com> wrote:

What you are wanting to do still won't prevent the ISP from shutting down your single internet connection if one user behaves badly. You need an individual internet connection for each user. 20 users = 20 modems/routers.

Ok... let's change the situation around a bit. If your router only has four ethernet ports on it and you want to connect seven computers to the LAN, do you buy a router or a hub? If you buy a router, you'll be creating a LAN within a LAN - if you buy a hub, you'll just be extending the existing LAN.
I would purchase a switch, not a hub. Depending on the switch you use, you can segment the users.
Let's say the network my ISP connects me to is, itself, a LAN. Technically, the fact that they provide my internet service qualifies them as an ISP, does it not? That this, shall we say, pseudo ISP wants to ban me, however, does not mean their ISP wants to ban me. Indeed, thanks to network address translation, they wouldn't be able to distinguish me from anyone else.
Say the pseudo ISP wants to ban you, that is something you would have to discuss with them. They could simply disable your access through the use of access-lists or pulling the plug to your section of the network. If you can prove it is a single user and they would cut off just their access, you're fine. Sounds like you need a method of controlling traffic on your section of the network before it gets to your provider, whether it is an actual ISP or a pseudo ISP. Or as you alluded to in an earlier post, encrypt all the outbound traffic in a VPN through the network to an external point.
Or let's say you're the US Department of Defense and have multiple /8 IP address blocks. If you have a hub plugged directly into their OC-192 modem do you still need 20 modems / routers for 20 users? I actually don't know the answer to that one, although I suspect you don't, either.
I do have an answer: you need some big switches capable of doing layer 3 routing and passing the traffic downstream as quickly as possible to your distribution layer devices.

--
Practice Does Not Make Perfect. Perfect Practice Makes Perfect.