Security Basics mailing list archives
Re: looking for a hub or switch that can connect a VPN and apply firewall rules to all ports
From: <jamesworld () intelligencia com>
Date: Fri, 14 Aug 2009 14:05:51 -0500
Not quite sure about your 'work around', but if I am reading this right, you might be looking for Private VLANs. See: http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html
Set the VPN router as a Promiscuous and the users as Isolated. If there is a LAN printer or local server, set that up as Promiscuous too.
The router should be able to be configured with an inbound Access-list to block whatever you want.
Go 1 step further and either Static IP or make DHCP reservations. This is again based all on your scenario and what your intended outcome is to look like.
If you are wanting to be able to stop 'something bad' on the LAN side as it (or more specifically before it) goes out, you need to look at either stopping it on the host or on the network before it goes out. (Application Aware Firewall and/or IPS)
HTH

At 03:00 PM 8/13/2009, Thomas Anderson wrote:
Right now, I have maybe 10-20 computers plugged into a VPN enabled router. Problem with this setup is that if one computer behind the router does something "bad" all the computers behind the router suffer the consequences if the ISP decides to disable the connection, temporarily or otherwise. Normally, the way to work around this would be to just get a hub or a switch and connect through that, however, if that's done, all the computers would have to have VPN software installed on them and managing 10-20 computers is much more of a logistical challenge than managing one router. The ideal solution, it seems to me, would be a switch that connects each port, individually, to the VPN. If firewall rules could be applied universally to all ports, as well, that'd be helpful. Any ideas?
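The port roles suggested in the reply (VPN router promiscuous, user ports isolated) can be checked against a switch configuration. The following is an added example, not part of the original thread: it assumes Cisco Catalyst IOS private-VLAN syntax, and the VLAN ids, interface names and sample config are constructed for illustration.

```python
import re
# Constructed sample (not from the thread): Fa0/1 = VPN router, Fa0/2 = user PC,
# Fa0/3 = a port left as a plain access port, so it can still reach its neighbours.
SAMPLE_CONFIG = """\
vlan 100
 private-vlan primary
 private-vlan association 101
vlan 101
 private-vlan isolated
interface FastEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
interface FastEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 100
"""

def classify_ports(config):
    """Map each interface to promiscuous, isolated, community or unprotected."""
    blocks, current = {}, None
    for line in config.splitlines():      # group sub-commands under their header
        if line[:1].isspace() and current:
            blocks[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            blocks[current] = []
    # Secondary VLAN id -> type; a host port inherits the type of its secondary VLAN.
    vlan_type = {h.split()[1]: c.split()[1] for h, cmds in blocks.items()
                 if h.startswith("vlan ") for c in cmds
                 if c in ("private-vlan isolated", "private-vlan community")}
    roles = {}
    for header, cmds in blocks.items():
        if not header.startswith("interface "):
            continue
        role = "unprotected"              # default: no PVLAN separation on this port
        if "switchport mode private-vlan promiscuous" in cmds:
            role = "promiscuous"
        elif "switchport mode private-vlan host" in cmds:
            for cmd in cmds:
                m = re.fullmatch(r"switchport private-vlan host-association \d+ (\d+)", cmd)
                if m:                     # unknown secondary VLAN stays unprotected
                    role = vlan_type.get(m.group(1), "unprotected")
        roles[header.split()[1]] = role
    return roles
```

Any port reported as `unprotected` can still exchange layer-2 traffic with other hosts in its VLAN, so it is the one to convert or investigate first.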