Security Basics mailing list archives
RE: diffrent way of securing a subnet! Please help
From: "Jon Pastore" <jpastore () idetech net>
Date: Wed, 16 Apr 2003 14:48:07 -0400
Need more details...you have a remote office or local? What kind of bandwidth? Also what are you trying to restrict? I setup at a clients a Linux box with iptables and 3 subnets: 1.) 10.2.1.0/24 privileged users 2.) 10.1.1.0/24 non privileged users 3.) 10.1.3.0/24 remote office not privileged The Linux box acted as a router/firewall (we're also installing a watch guard box to further protect his stuff...) but this box knew about all 3 networks and how to route to each of them and I just used iptables to control it...similar to your Cisco solution but there are a ton of tools out there for configuring iptables and parsing logs etc...also if you're just trying to manage web traffic you can use squid on this box (Linux proxy server) and control users like that... Jon Pastore, President IDE Tech, Inc. (954) 360-0393 Office (954) 428-0442 Fax -----Original Message----- From: Héroux, Christian [mailto:Christian.Heroux () etsmtl ca] Sent: Wednesday, April 16, 2003 9:44 AM To: security-basics () securityfocus com Subject: diffrent way of securing a subnet! Please help Hello All! I need to secure a subnet and restrict access to certain users. I have been looking at different way to do it and I didn`t find many real way to do it just some concept. Here the solution I found on the net: 1- Access-list on the interface of that subnet. Very difficult to manager and limite allowed user to use a specific workstation or vlan. 2- Cisco Pix firewall. Too expensive not justifiable for the projet 3- Remote access software. Which one is really secure? PCanywhere, VNC, terminal server 4- Authentication base proxy. Novell borderManager seem to do the job, squid also seem to do it. Any other that can be link to an active directory 5- VPN software peer to peer. Microsoft has a solution. I also read about role base access control (RBAC) but it seem to be implemented in the OS not as a stand alone software or in router. Am I right? Where is the official web page for squid? Ch ------------------------------------------------------------------------ --- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- diffrent way of securing a subnet! Please help Héroux, Christian (Apr 16)
- RE: diffrent way of securing a subnet! Please help Jon Pastore (Apr 17)
- Re: diffrent way of securing a subnet! Please help watchmen (Apr 17)