Security Basics mailing list archives

RE: One computer two different networks


From: mn19522 <mn19522 () yahoo com>
Date: Wed, 11 Oct 2006 12:28:52 -0700 (PDT)

Dear Santiago, 

It seems that placing two computers close together, one with an
Internet connection and one with an internal secure connection, tempts
one to manually transfer secure information to the Internet quite easily
unless the secure computer has no access to removable, writable
disks.  It is also quite easy to scan secure documents to an insecure
computer if local scanners are available.  Computing security is not
a frivolous issue and careful consideration of outgoing and incoming
connections should be thoroughly thought out.  Establishing an
additional unclassified system is probably the most secure as long as
the two access points are not co-located.  Make it very difficult for
people to access both systems at the same time.  Requiring a log off
from one before logging on to the other could be one part of the
plan.  Think long and hard before you implement such a convenient
system; convenience is not good security practice using computers or
anything else.

Sincerely, Michael

--- "Hagen, Eric" <hagene () DenverNewspaperAgency com> wrote:

My immediate thought is.... TWO computers. 

You have a private network with no Internet for the reason that you
do not want the data on that network or on those PCs accessible to
an attacker.

If the PCs are on the Internet using a second network card in each
computer, they are just as vulnerable as any normal computer,
therefore, your network is just as vulnerable as any normal
network.

If the Internet is routed directly over this network, you can
secure it via NAT and Firewalls, and this seems to me to be your
best bet, but there are always attack vectors that can be used when
a computer is on a public network.

If your private network is truly "high-security", you cannot
connect anything on it to a public network.  Period.  For example,
the storage of TOP SECRET data according to DoD cannot be stored on
a computer that has any sort of access to public networks.  It has
to be PHYSICALLY isolated from those networks.

So exactly how "high-security" is your network and exactly how much
security can you compromise by adding Internet traffic to the mix?

Eric


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of Santiago Barahona
Sent: Tuesday, October 10, 2006 8:04 AM
To: security-basics () securityfocus com
Subject: One computer two different networks


Hi all,

(First of all I want to apologise if I am misplacing this question, if so
I'd appreciate if anyone could point me to the right direction)

So here is the situation:

We have about 250 computers that are isolated in a high-security network,
we want to give internet access to those computer users without
compromising the secured network...of course our first thought is to buy
250 computers so the users can switch between computers (one for the
secure network, one for internet)... but that might not be most practical
solution...

So, I've been looking around and I've found a product called DATAGATE,
from Tenix which works as a "Data Diode"... looks interesting... but I'd
like to have a second opinion...

Does anyone know about other products or techniques on how to accomplish
this??

thanks!



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus

---------------------------------------------------------------------------


