  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 357

Seeing machines on network through separate NIC

I have two NICs in one of my network machines (Unit A). One NIC (NIC A, 10.10.10.n) is for a private network that communicates with another machine (Unit B), which has a NIC that also uses a 10.10.10.n address. The second NIC in Unit A (NIC B) is connected to my enterprise's network and has a 10.200.n.n address. However, from Unit B, which is connected to NIC A in Unit A, I can see machines on the NIC B (enterprise) network. While access to the machine's data isn't an issue as the credentials are not available, I'd prefer to avoid having the NIC B machines viewable on the machine that connects through NIC A. The NICs are not bridged in any way. I hope that I explained this understandably. Thanks.
0
sjw601
Asked:
3 Solutions
 
lisfolksCommented:
What are your subnet masks set to on each?
0
 
cbmmCommented:
That pc will have access to both subnets because you are connected to both. If you are worried that someone can use that machine to go across both subnets, it will not happen, that pc cannot route the data. If you bridged them, then yes.
0
 
cbmmCommented:
Another thing, you obviously don't want someone using that computer that should not be.
0

 
sjw601Author Commented:
Thanks. The subnet on Unit B is 255.255.255.0. It's the same on Unit A/NIC A and NIC B. I know that neither side can access any machine without the credentials, but I don't quite understand why the enterprise machines show up in my Network in Explorer.
0
 
cbmmCommented:
You are physically connected to the network, there is no way to prevent this. This is by design. That's why a software firewall is always needed, i.e. Windows Firewall.
0
 
sjw601Author Commented:
Thanks. I guess my thought was that, since Unit A and Unit B are connected with one NIC, and Unit A and the enterprise are connected with a different NIC, I would not be able to see the enterprise machines from Unit B. Units A and B are connected with a separate NIC. I can certainly use my firewall, though I've had issues with Windows Firewall.
0
 
pergrCommented:
The second NIC in its settings probably has "share this connection" or "internet connection sharing" enabled. Disable it and the box will stop routing between subnets.
0
 
pwindellCommented:
Face the fact that this whole idea is just a horrible idea.

Forget multi-homing the machine and run one nic.

If you have two network segments,...connect them together with a LAN Router and control access at the Router with ACLs at Layer3 & 4 and control access at the higher Application levels using the natural tools where the resources are presented (such as NTFS and Share Permissions)

PCs should never be multi-homed unless they are being used as a PC-Based LAN Router, Proxy, or Firewall.  
0
 
cbmmCommented:
I don't know what his purpose for doing this is. I agree this is a bad idea, but sometimes you can't get around it, cost, etc.
0
 
sjw601Author Commented:
Thanks. Now, my private network is connected to Unit A through an unmanaged switch. Unit A/NIC B is connected to the enterprise network, but not through that switch. My goal is to maintain security given the setup that I have, though adding another piece of hardware is an option. NTFS shares/permissions are set to where they need to be. (Internet connection sharing is disabled, and neither NIC has any other setting for "share this connection.")
0
 
cbmmCommented:
Why is this pc connected physically to two networks?
0
 
pwindellCommented:
I've been doing this a long long time,...I've always got around it.  There is never an excuse to do things "wrong",...there is always a right way to do it.  Sometimes it may require persistence from the IT guy to get the powers that be to spend the money if that is what needs to happen, but that is what they pay me for.  I tell them if you want this,...it costs this,...you won't spend it,...then you don't get it.
0
 
sjw601Author Commented:
>Why is this pc connected physically to two networks?
My aim was to segregate one network from the other.  Also, I could not connect to the enterprise network through a switch.  
0
 
cbmmCommented:
VLAN
0
 
pwindellCommented:
>Also, I could not connect to the enterprise network through a switch.

Nobody can. It has to be done through a router. Granted L3 Switches are both a Switch and a Router built into the same piece of hardware (which muddies the waters and confuses the crap out of people) but they are still distinctly different functions.
0
 
sjw601Author Commented:
One thing that I did, while not the best solution, was to use gpedit to change my private (Unidentified) network to a work network from the Win 7 setting of Public.  That seems to keep the machines hidden from view.  
0
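The points raised so far in the thread (whether the dual-homed host routes between its NICs, whether Internet Connection Sharing is on, which network location each NIC was given, and whether the firewall allows network discovery) can be checked in one read-only pass on Unit A. This is an added example, not code from any poster; it assumes Windows 7 or later with PowerShell, run elevated, and uses only the registry and built-in COM objects.

```powershell
# Added example: read-only audit of a dual-homed Windows host (Unit A in the thread).
# Run from an elevated PowerShell prompt; nothing here changes configuration.

# 1. Global IPv4 routing switch: 1 means Windows forwards packets between its NICs.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ipRouter = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).IPEnableRouter
"IPEnableRouter = $([int]$ipRouter)  (0: host does not route between subnets)"

# Per-interface forwarding state, where the cmdlet exists (Windows 8 / Server 2012 and later).
if (Get-Command Get-NetIPInterface -ErrorAction SilentlyContinue) {
    Get-NetIPInterface -AddressFamily IPv4 |
        Format-Table InterfaceAlias, Forwarding -AutoSize | Out-String
}

# 2. Internet Connection Sharing per connection; ICS makes the host route and NAT.
$ics = New-Object -ComObject HNetCfg.HNetShare
foreach ($conn in $ics.EnumEveryConnection) {
    $name = $ics.NetConnectionProps.Invoke($conn).Name
    $cfg  = $ics.INetSharingConfigurationForINetConnection.Invoke($conn)
    if ($cfg.SharingEnabled) {
        # SharingConnectionType: 0 = the shared (public) side, 1 = the private side
        "ICS ENABLED on '$name' (type $($cfg.SharingConnectionType))"
    } else {
        "ICS disabled on '$name'"
    }
}

# 3. Network location assigned to each connected network (the setting changed via gpedit).
$nlm = [Activator]::CreateInstance(
    [Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B'))
$category = @{ 0 = 'Public'; 1 = 'Private (Home/Work)'; 2 = 'Domain' }
foreach ($c in $nlm.GetNetworkConnections()) {
    $net = $c.GetNetwork()
    "Network '$($net.GetName())' is $($category[[int]$net.GetCategory()])"
}

# 4. Windows Firewall per profile: is it on, and is the Network Discovery rule group allowed?
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$discovery   = '@FirewallAPI.dll,-32752'   # resource name of the "Network Discovery" group
$profileName = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
foreach ($p in 1, 2, 4) {
    "{0,-8} firewall on: {1}  discovery allowed: {2}" -f $profileName[$p],
        $fw.FirewallEnabled($p), $fw.IsRuleGroupEnabled($p, $discovery)
}
```

If IPEnableRouter is 0 and ICS is disabled on both NICs, the host is not forwarding between 10.10.10.n and 10.200.n.n, and what remains is which profile each network falls under and whether discovery is allowed for that profile.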
 
sjw601Author Commented:
>Nobody can. It has to be done through a router.

I have more than a little learning ahead. I have 10 machines on my private network going to a switch. Would I replace the switch? I know that I can set accesses in a router. Obviously, I'm not a network guy. I'm just trying to make the system work while maintaining security. A more knowledgeable fellow suggested dual-homing a while back. Thanks again!
0
 
pwindellCommented:
I understand.  Well with 10 machines there isn't much to secure there.  Just as a rule of thumb,...security "happens" at the place where the resources are being made available, usually the same functionality that makes the resources available is also what secures them.  For example a Web Server makes a web site available, but the web server is also where 90% of the security of the Web site resides.  You'll do well if you always think in that manner.

As far as the dual homing being suggested to you by someone,...this is just my personal opinion of course,...but the state of the IT industry is pretty much a wreck when it comes to qualified people doing the work.  Way too many people are in networking jobs when they are not competent and knowledgeable enough for the job.  This is exacerbated by the miserable state of the growing segment of the industry for "Home User Networking" that has flooded retail stores and butchered the terminology and the meaning of words and concepts.   So now anyone who can plug two CAT5 cables together thinks they are a Networker.

I personally think it should be something that is a licensed profession,....just like electricians.  Someone who doesn't know what they are doing can do just as much damage to a company in $$$ value as an unlicensed electrician causing a building fire.

One of the biggest complaints from one of the consultants that I've worked with was that he could not find qualified people to hire to save his life,...and he was only looking for someone with generalized networking and server system skills,...he wasn't looking for any specialists.  Ironically, a large part of the business we/he got was doing work repairing messes created by such people that they left in their wake as they moved through their "careers" from job to job.
0
