Solved

Need help with a DMZ type situation

Posted on 2015-02-05
5
116 Views
Last Modified: 2015-02-05
Hey guys and gals.  I have a situation where my client has 2 scientific devices attached to PCs that simply cannot run AV software . We will call them HYDRA devices.  We do not want any devices on the network without AV.  The problem is these devices generate and send data to a share on a server called DMZ1.  The data is then pulled to a third location that IS on the internal network.  I know the simple answer here is remove the gateway from the HYDRA devices so they cant get online but that's not possible.  My goal is to put the Hydra devices and DMZ1 in a DMZ type environment.  DMZ can run AV with no problem.  Any suggestions and does this make sense at all?
0
Comment
Question by:Steven Busher
  • 3
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
Jeff Brown earned 500 total points
ID: 40592184
Create two networks

Network 1  for the hydra devices   example   192.168.10.1-254  subnet 255.255.255.0 (this network should have no route to the internet)

network 2 has your standard dhcp  example  192.168.1.1-254   subnet 255.255.255.0

Your DMZ box/server  should have 2 nic's   one with network 1 address  and one with network 2 address.  so it can communicate with both networks but hydra boxes have no route to the internet
0
 
LVL 9

Expert Comment

by:Jeff Brown
ID: 40592190
if you use static addressing on network 1 you will not need additional settings.   You may possibly need two switches or a switch with vlan capabilities depending upon how picky hydra devices are.
0
 

Author Comment

by:Steven Busher
ID: 40592196
Hi Wildstar,

Thanks for the reply.  This makes sense and I can do that no problem but the only issue is the makers of Hydra need to periodically connect to the devices to install updates or fix problems.  I guess I could have them connect to the DMZ server then internally RDP to Hydra right?
0
 
LVL 9

Expert Comment

by:Jeff Brown
ID: 40592204
correct  any outside action would need to go through your av equipped box that can communicate to both networks and the outside.   if they need direct contact for what ever reason you would need to put them on the main network to access them.
0
 

Author Closing Comment

by:Steven Busher
ID: 40592270
quick, accurate help.  Laid it out for me so it was easy to understand and wasn't condescending.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question