Security Basics mailing list archives
Re: looking for a hub or switch that can connect a VPN and apply firewall rules to all ports
From: Thomas Anderson <zelnaga () gmail com>
Date: Sat, 15 Aug 2009 16:27:02 -0500
On Fri, Aug 14, 2009 at 3:18 PM, Justin Mitchell<jgmitchell () gmail com> wrote:
> On Thu, Aug 13, 2009 at 3:00 PM, Thomas Anderson<zelnaga () gmail com> wrote:
>> Right now, I have maybe 10-20 computers plugged into a VPN enabled router. Problem with this setup is that if one computer behind the router does something "bad" all the computers behind the router suffer the consequences if the ISP decides to disable the connection, temporarily or otherwise. Normally, the way to work around this would be to just get a hub or a switch and connect through that, however, if that's done, all the computers would have to have VPN software installed on them and managing 10-20 computers is much more of a logistical challenge than managing one router. The ideal solution, it seems to me, would be a switch that connects each port, individually, to the VPN. If firewall rules could be applied universally to all ports, as well, that'd be helpful. Any ideas?
>
> You are going to have this problem regardless, using a single shared connection for 10-20 computers. To prevent a single computer from affecting the others would require each computer to have its own dedicated connection to the internet.
That's what I'm proposing. I just don't want to have to set up 10-20 computers, individually, on a VPN - I'd much prefer to have some single device route traffic for all of those 10-20 computers as appropriate. i.e. I could have 10-20 routers configured in the same way and each computer plugged into its own router but that would still be 10-20 devices to manage. Granted, that would be easier than reinstalling VPN software every time a computer gets reformatted, but still.

I don't get internet access through a cable modem, DSL modem, or anything like that - I get it through a single 100mbit ethernet connection. The router has its own IP address assigned through DHCP and if I had the computers connected to a hub instead of a router it would be each of the 10-20 computers that would be doing the DHCP request instead - not the router.

I could plug a hub into the router and replug all the computers on the LAN to the hub. Once that's done, I could use promiscuous mode on a dedicated computer to police the network, myself, and although that would have some merit, it wouldn't solve the problem at hand unless I were using the exact same rules my ISP was and for some reason, I don't think my ISP's going to be *that* helpful.