Solved

Need help with a DMZ type situation

Posted on 2015-02-05
5
112 Views
Last Modified: 2015-02-05
Hey guys and gals.  I have a situation where my client has 2 scientific devices attached to PCs that simply cannot run AV software . We will call them HYDRA devices.  We do not want any devices on the network without AV.  The problem is these devices generate and send data to a share on a server called DMZ1.  The data is then pulled to a third location that IS on the internal network.  I know the simple answer here is remove the gateway from the HYDRA devices so they cant get online but that's not possible.  My goal is to put the Hydra devices and DMZ1 in a DMZ type environment.  DMZ can run AV with no problem.  Any suggestions and does this make sense at all?
0
Comment
Question by:Steven Busher
  • 3
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
Jeff Brown earned 500 total points
ID: 40592184
Create two networks

Network 1  for the hydra devices   example   192.168.10.1-254  subnet 255.255.255.0 (this network should have no route to the internet)

network 2 has your standard dhcp  example  192.168.1.1-254   subnet 255.255.255.0

Your DMZ box/server  should have 2 nic's   one with network 1 address  and one with network 2 address.  so it can communicate with both networks but hydra boxes have no route to the internet
0
 
LVL 9

Expert Comment

by:Jeff Brown
ID: 40592190
if you use static addressing on network 1 you will not need additional settings.   You may possibly need two switches or a switch with vlan capabilities depending upon how picky hydra devices are.
0
 

Author Comment

by:Steven Busher
ID: 40592196
Hi Wildstar,

Thanks for the reply.  This makes sense and I can do that no problem but the only issue is the makers of Hydra need to periodically connect to the devices to install updates or fix problems.  I guess I could have them connect to the DMZ server then internally RDP to Hydra right?
0
 
LVL 9

Expert Comment

by:Jeff Brown
ID: 40592204
correct  any outside action would need to go through your av equipped box that can communicate to both networks and the outside.   if they need direct contact for what ever reason you would need to put them on the main network to access them.
0
 

Author Closing Comment

by:Steven Busher
ID: 40592270
quick, accurate help.  Laid it out for me so it was easy to understand and wasn't condescending.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your computer hacked? learn how to detect and delete malware in your PC
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question