sjw601

Seeing machines on network through separate NIC

I have two NICs in one of my network machines (Unit A). One NIC (NIC A, 10.10.10.n) is for a private network that communicates with another machine (Unit B), which has a NIC that also uses a 10.10.10.n address. The second NIC in Unit A (NIC B) is connected to my enterprise's network and has a 10.200.n.n address. However, from Unit B, which is connected to NIC A in Unit A, I can see machines on the NIC B (enterprise) network. While access to the machine's data isn't an issue as the credentials are not available, I'd prefer to avoid having the NIC B machines viewable on the machine that connects through NIC A. The NICs are not bridged in any way. I hope that I explained this understandably. Thanks.
lisfolks

What are your subnet masks set to on each?
SOLUTION
cbmm

This solution is only available to members.
Another thing, you obviously don't want someone using that computer that should not be.
sjw601

ASKER

Thanks. The subnet on Unit B is 255.255.255.0. It's the same on Unit A/NIC A and NIC B. I know that neither side can access any machine without the credentials, but I don't quite understand why the enterprise machines show up in my Network in Explorer.
You are physically connected to the network; there is no way to prevent this. This is by design. That's why a software firewall is always needed, i.e. Windows Firewall.
sjw601

ASKER

Thanks. I guess my thought was that, since Unit A and Unit B are connected with one NIC, and Unit A and the enterprise are connected with a different NIC, I would not be able to see the enterprise machines from Unit B. Units A and B are connected with a separate NIC. I can certainly use my firewall, though I've had issues with Windows Firewall.
The second NIC in its settings probably has "share this connection" or "internet connection sharing" enabled. Disable it and the box will stop routing between subnets.
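A read-only check for the condition raised in the reply above (the dual-homed box routing between its subnets), added here as an example that is not part of the original thread. It assumes Windows PowerShell 2.0 or later run on Unit A; the function name `Get-ForwardingAudit` is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of a dual-homed Windows
# host for settings that make it forward traffic between its NICs.
# Sticks to PowerShell 2.0 cmdlets so it also runs on Windows 7.
function Get-ForwardingAudit {
    $findings = @()

    # 1. Global IPv4 routing switch in the TCP/IP stack (1 = forward between interfaces).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $prop = Get-ItemProperty -Path $key -Name IPEnableRouter -ErrorAction SilentlyContinue
    $value = 'not set'
    if ($prop) { $value = $prop.IPEnableRouter }
    $findings += New-Object PSObject -Property @{
        Check = 'IPEnableRouter'; Value = $value; Review = ($value -eq 1)
    }

    # 2. Services that enable forwarding/NAT: ICS (SharedAccess) and RRAS (RemoteAccess).
    foreach ($name in 'SharedAccess', 'RemoteAccess') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) {
            $findings += New-Object PSObject -Property @{
                Check = "Service $name"; Value = "$($svc.Status)"; Review = ($svc.Status -eq 'Running')
            }
        }
    }

    # 3. Every IP-enabled adapter with its addresses, masks and gateway, to confirm
    #    which subnet each NIC sits in (for example NIC A and NIC B on Unit A).
    $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        $findings += New-Object PSObject -Property @{
            Check  = "Adapter $($nic.Description)"
            Value  = "IP=$($nic.IPAddress -join ',') Mask=$($nic.IPSubnet -join ',') GW=$($nic.DefaultIPGateway -join ',')"
            Review = $false
        }
    }
    $findings
}

Get-ForwardingAudit | Select-Object Check, Value, Review | Format-Table -AutoSize -Wrap
```

Rows with `Review` set to `True` are the ones to look at first: a running ICS or RRAS service, or `IPEnableRouter` equal to 1, means the host is set up to pass traffic between its interfaces.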
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I don't know what his purpose for doing this is. I agree this is a bad idea, but sometimes you can't get around it, cost, etc.
sjw601

ASKER

Thanks. Now, my private network is connected to Unit A through an unmanaged switch. Unit A/NIC B is connected to the enterprise network, but not through that switch. My goal is to maintain security given the setup that I have, though adding another piece of hardware is an option. NTFS shares/permissions are set to where they need to be. (Internet connection sharing is disabled, and neither NIC has any other setting for "share this connection.")
Why is this PC connected physically to two networks?
I've been doing this a long long time,...I've always got around it.  There is never an excuse to do things "wrong",...there is always a right way to do it.  Sometimes it may require persistence from the IT guy to get the powers that be to spend the money if that is what needs to happen, but that is what they pay me for.  I tell them if you want this,...it costs this,...you won't spend it,...then you don't get it.
sjw601

ASKER

>Why is this pc connected physically to two networks?
My aim was to segregate one network from the other.  Also, I could not connect to the enterprise network through a switch.  
VLAN
SOLUTION
This solution is only available to members.
sjw601

ASKER

One thing that I did, while not the best solution, was to use gpedit to change my private (Unidentified) network to a work network from the Win 7 setting of Public.  That seems to keep the machines hidden from view.  
sjw601

ASKER

Nobody can.  It has to be done through a router.

I have more than a little learning ahead. I have 10 machines on my private network going to a switch. Would I replace the switch? I know that I can set accesses in a router. Obviously, I'm not a network guy. I'm just trying to make the system work while maintaining security. A more knowledgeable fellow suggested dual-homing a while back. Thanks again!
I understand.  Well with 10 machines there isn't much to secure there.  Just as a rule of thumb,...security "happens" at the place where the resources are being made available, usually the same functionality that makes the resources available is also what secures them.  For example a Web Server makes a web site available, but the web server is also where 90% of the security of the Web site resides.  You'll do well if you always think in that manner.

As far as the dual homing being suggested to you by someone,...this is just my personal opinion of course,...but the state of the IT industry is pretty much a wreck when it comes to qualified people doing the work.  Way too many people are in networking jobs when they are not competent and knowledgeable enough for the job.  This is exacerbated by the miserable state of the growing segment of the industry for "Home User Networking" that has flooded retail stores and butchered the terminology and the meaning of words and concepts.   So now anyone who can plug two CAT5 cables together thinks they are a Networker.

I personally think it should be something that is a licensed profession,....just like electricians.  Someone who doesn't know what they are doing can do just as much damage to a company in $$$ value as an unlicensed electrician causing a building fire.

One of the biggest complaints from one of the consultants that I've worked with was that he could not find qualified people to hire to save his life,...and he was only looking for someone with generalized networking and server system skills,...he wasn't looking for any specialists.  Ironically, a large part of the business we/he got was doing work repairing messes created by such people that they left in their wake as they moved through their "careers" from job to job.