Smell of extranet...

           
                        Company Y
                            |
                          PC D
                            |
                            |
PC A------------------      |
PC B------------------   SWITCH------------- PC C----------Company X



Issue:
PC A, PC B and PC C are property of company X, PC D is property of company Y

PC A and PC B do not have to exchange traffic with PC X, while they have to communicate with PC C.
PC D does have to be able to send traffic to PC C, and also be accessed (AND ADMINISTERED, OWNED by company Y).
Of course PCs of the 2 companies should be separated from each other, except for this communication between PC D and PC C.


How would you resolve this?
Feel free to consider firewalls, VLAN, more than one NIC per PC and reposition/replace the switch.
Thanks





Asked by: minicuc

lapukman Commented:
The easiest is to create a static NAT that would enable traffic between PC C and PC D only. No need to create a VLAN as PC A, B and C could be in the same subnet. You could create the NAT in your router or in your firewall...

Hope this helps.

Lapukman
0
 
bluebirds1984 Commented:
Along with the VLAN you could use tagging to ensure you know where the packets will go.

You could implement standard 802.1q

http://www.nwfusion.com/news/tech/2001/0305tech.html

I know this standard is supported on Alcatel 7800 switches and all newer ones.
0
 
SlyDog Commented:
The easiest solution is to run two different IP layouts.
Example:

PC A IP = 10.10.1.1
PC B IP = 10.10.1.2
PC C IP = 10.10.1.3 and 10.10.2.3
PC D IP = 10.10.2.2

0
 
minicuc (Author) Commented:
Thanks all,
LAPUKMAN's and SLYDOG's suggestions can be integrated. I am thinking of using PC C with 2 NICs, one connected to PC A and PC B thru the switch, the other connected to PC D thru a firewall.
What do you think of this solution? LAPUKMAN, with respect to just filtering the packet, the static NAT would somehow increase the separation of the two companies' PCs thru obscurity, hiding the real destination IP address, right?
Could I do this with a software firewall product?

Thanks
0
 
lapukman Commented:
Well, yes, that is correct (well, not hiding the destination, but rather the source). Though I would pretty much prefer a hardware firewall, I think there are software firewalls that could do NATting, like Checkpoint's Firewall-1, though I haven't used it yet.

Lapukman
0
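
The dual-NIC layout the thread settles on, modelled as an added example (not code from any of the posters): it checks which cross-company flows a rule set on the PC C / PC D firewall would permit, with and without PC C routing between its two NICs. The addresses are SlyDog's; the two rule sets, the `c_forwards` flag and all function names are assumptions made for the illustration, and static NAT is not modelled.

```python
from ipaddress import ip_address, ip_network

# Addresses are the ones SlyDog posted; everything else is assumed for illustration.
LAN = {"A": "10.10.1.1", "B": "10.10.1.2", "C": "10.10.1.3"}   # switch side (company X)
LINK = {"C": "10.10.2.3", "D": "10.10.2.2"}                    # firewall side (company Y)
ADDR = {**LAN, **LINK}

# Constructed rule sets: (action, source network, destination network), first match wins.
PINNED = [("allow", "10.10.2.2/32", "10.10.2.3/32"),
          ("allow", "10.10.2.3/32", "10.10.2.2/32")]
BROAD = [("allow", "10.10.0.0/16", "10.10.0.0/16")]

def firewall_allows(src_ip, dst_ip, rules):
    """Default deny: a packet passes only if a rule matches and says allow."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in ip_network(src_net) and dst in ip_network(dst_net):
            return action == "allow"
    return False

def can_send(src, dst, rules, c_forwards=False):
    """Can host `src` deliver a packet to host `dst` in this layout?"""
    if src in LAN and dst in LAN:
        return True                      # same switch, nothing filters it
    if src in LINK and dst in LINK:
        return firewall_allows(LINK[src], LINK[dst], rules)
    if not c_forwards:
        return False                     # PC C does not route between its NICs
    # PC C routes: the packet reaches the firewall with its original addresses.
    return firewall_allows(ADDR[src], ADDR[dst], rules)

def cross_company_leaks(rules, c_forwards):
    """Permitted flows between PC D and the hosts it must never talk to."""
    pairs = [("A", "D"), ("B", "D"), ("D", "A"), ("D", "B")]
    return [p for p in pairs if can_send(*p, rules, c_forwards=c_forwards)]

if __name__ == "__main__":
    for name, rules in (("pinned", PINNED), ("broad", BROAD)):
        for fwd in (False, True):
            print(name, "forwarding" if fwd else "no forwarding",
                  cross_company_leaks(rules, fwd))
```

Rules pinned to the two host addresses keep PC A and PC B separated from PC D even if forwarding is switched on at PC C, while the subnet-wide rule depends entirely on forwarding staying off.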
