Solved

Need help with a DMZ type situation

Posted on 2015-02-05
5
119 Views
Last Modified: 2015-02-05
Hey guys and gals.  I have a situation where my client has 2 scientific devices attached to PCs that simply cannot run AV software . We will call them HYDRA devices.  We do not want any devices on the network without AV.  The problem is these devices generate and send data to a share on a server called DMZ1.  The data is then pulled to a third location that IS on the internal network.  I know the simple answer here is remove the gateway from the HYDRA devices so they cant get online but that's not possible.  My goal is to put the Hydra devices and DMZ1 in a DMZ type environment.  DMZ can run AV with no problem.  Any suggestions and does this make sense at all?
0
Comment
Question by:Steven Busher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
Jeff Brown earned 500 total points
ID: 40592184
Create two networks

Network 1  for the hydra devices   example   192.168.10.1-254  subnet 255.255.255.0 (this network should have no route to the internet)

network 2 has your standard dhcp  example  192.168.1.1-254   subnet 255.255.255.0

Your DMZ box/server  should have 2 nic's   one with network 1 address  and one with network 2 address.  so it can communicate with both networks but hydra boxes have no route to the internet
0
 
LVL 9

Expert Comment

by:Jeff Brown
ID: 40592190
if you use static addressing on network 1 you will not need additional settings.   You may possibly need two switches or a switch with vlan capabilities depending upon how picky hydra devices are.
0
 

Author Comment

by:Steven Busher
ID: 40592196
Hi Wildstar,

Thanks for the reply.  This makes sense and I can do that no problem but the only issue is the makers of Hydra need to periodically connect to the devices to install updates or fix problems.  I guess I could have them connect to the DMZ server then internally RDP to Hydra right?
0
 
LVL 9

Expert Comment

by:Jeff Brown
ID: 40592204
correct  any outside action would need to go through your av equipped box that can communicate to both networks and the outside.   if they need direct contact for what ever reason you would need to put them on the main network to access them.
0
 

Author Closing Comment

by:Steven Busher
ID: 40592270
quick, accurate help.  Laid it out for me so it was easy to understand and wasn't condescending.
0

Featured Post

Get Database Help Now w/ Support & Database Audit

Keeping your database environment tuned, optimized and high-performance is key to achieving business goals. If your database goes down, so does your business. Percona experts have a long history of helping enterprises ensure their databases are running smoothly.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about achieving the basic levels of HRIS security in the workplace.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question