Security Basics mailing list archives

RE: diffrent way of securing a subnet! Please help

From: "Jon Pastore" <jpastore () idetech net>
Date: Wed, 16 Apr 2003 14:48:07 -0400

Need more details...you have a remote office or local? What kind of
bandwidth? Also what are you trying to restrict?

I setup at a clients a Linux box with iptables and 3 subnets: 

1.) 10.2.1.0/24 privileged users
2.) 10.1.1.0/24 non privileged users
3.) 10.1.3.0/24 remote office not privileged

The Linux box acted as a router/firewall (we're also installing a watch
guard box to further protect his stuff...) but this box knew about all 3
networks and how to route to each of them and I just used iptables to
control it...similar to your Cisco solution but there are a ton of tools
out there for configuring iptables and parsing logs etc...also if you're
just trying to manage web traffic you can use squid on this box (Linux
proxy server) and control users like that...


Jon Pastore, President
IDE Tech, Inc.
(954) 360-0393 Office
(954) 428-0442 Fax



-----Original Message-----
From: Héroux, Christian [mailto:Christian.Heroux () etsmtl ca] 
Sent: Wednesday, April 16, 2003 9:44 AM
To: security-basics () securityfocus com
Subject: diffrent way of securing a subnet! Please help


Hello All!
        I need to secure a subnet and restrict access to certain users.
I have been looking at different way to do it and I didn`t find many
real way to do it just some concept. Here the solution I found on the
net:

1- Access-list on the interface of that subnet. Very difficult to
manager and limite allowed user to use a specific workstation or vlan.
2- Cisco Pix firewall. Too expensive not justifiable for the projet
3- Remote access software. Which one is really secure? PCanywhere, VNC,
terminal server
4- Authentication base proxy. Novell borderManager seem to do the job,
squid also seem to do it. Any other that can be link to an active
directory
5- VPN software peer to peer. Microsoft has a solution.

I also read about  role base access control (RBAC) but it seem to be
implemented in the OS not as a stand alone software or in router. Am I
right? Where is the official web page for squid? 

Ch




------------------------------------------------------------------------
---
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by
professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no
vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today
to 
ensure your place.
http://www.securityfocus.com/BlackHat-security-basics 
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts.  The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches.  Deadline for the best rates is April 25.  Register today to
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics
----------------------------------------------------------------------------

Current thread:

diffrent way of securing a subnet! Please help Héroux, Christian (Apr 16)
- RE: diffrent way of securing a subnet! Please help Jon Pastore (Apr 17)
- Re: diffrent way of securing a subnet! Please help watchmen (Apr 17)