Security Basics mailing list archives
risk attaching dsl modems to office network?
From: Andy Colson <andy () squeakycode net>
Date: Mon, 12 Jul 2010 11:59:04 -0500
Hi List,I'm a programmer, not a network guy, so before I do something dumb I wanted to get some opinions, and this seemed like a good place to start. If there is someplace else that might be helpful I'd appreciate a pointer.
We host a few websites, but where we are located we cannot get really big pipe's without spending lots of $$$. So we have three dsl lines with an "enterprise" plan that lets us host from them. Each has a different outside IP address, and the inside ip is 192.168.0.1.
Our current setup has the dsl modem plugged into the web server, and the web server has two nics. One on 192.168.0. (the dsl) and on 192.168.10. (the office). The 10. line is, obviously, plugged into the office switches.
So it looks like: internet | | V dsl modem | | V web server ---> switches -->> officeThis all works ok, but to add a reverse proxy, and some monitoring, I'd like to plug the dsl modems into the switches. I can give each dsl modem a different internal ip (192.168.0.1, 192.168.0.2 and 192.168.0.3) and dmz them to a new computer at 192.168.0.42.
New layout: internet | | V dsl modem | | V switches -->> office (.10.) | | V proxy/load balancer (.0.) --->web1 | | V web2My worry here, and my question for you, is: am I opening myself to "bad things" if I plug my dsl modems into my office switches? Will a resourceful hacker be able to see my 10.* traffic?
The dsl modems have both NAT and DMZ, I'm thinking of using DMZ and putting iptables on the proxy box. Would you think that would be safer than using NAT? (The dsl modem has firewall and NAT (well its port forwarding, I'm not sure it thats NAT)). DMZ or NAT will only go to one IP, 0.42.
Thank you for your time, -Andy ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- risk attaching dsl modems to office network? Andy Colson (Jul 13)
- Re: risk attaching dsl modems to office network? Ansgar Wiechers (Jul 14)
- Re: risk attaching dsl modems to office network? Eric M. (Jul 16)
- Re: risk attaching dsl modems to office network? Andy Colson (Jul 16)