?
Solved

Need help with a DMZ type situation

Posted on 2015-02-05
5
Medium Priority
?
121 Views
Last Modified: 2015-02-05
Hey guys and gals.  I have a situation where my client has 2 scientific devices attached to PCs that simply cannot run AV software . We will call them HYDRA devices.  We do not want any devices on the network without AV.  The problem is these devices generate and send data to a share on a server called DMZ1.  The data is then pulled to a third location that IS on the internal network.  I know the simple answer here is remove the gateway from the HYDRA devices so they cant get online but that's not possible.  My goal is to put the Hydra devices and DMZ1 in a DMZ type environment.  DMZ can run AV with no problem.  Any suggestions and does this make sense at all?
0
Comment
Question by:Steven Busher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 9

Accepted Solution

by:
Jeff Brown earned 2000 total points
ID: 40592184
Create two networks

Network 1  for the hydra devices   example   192.168.10.1-254  subnet 255.255.255.0 (this network should have no route to the internet)

network 2 has your standard dhcp  example  192.168.1.1-254   subnet 255.255.255.0

Your DMZ box/server  should have 2 nic's   one with network 1 address  and one with network 2 address.  so it can communicate with both networks but hydra boxes have no route to the internet
0
 
LVL 9

Expert Comment

by:Jeff Brown
ID: 40592190
if you use static addressing on network 1 you will not need additional settings.   You may possibly need two switches or a switch with vlan capabilities depending upon how picky hydra devices are.
0
 

Author Comment

by:Steven Busher
ID: 40592196
Hi Wildstar,

Thanks for the reply.  This makes sense and I can do that no problem but the only issue is the makers of Hydra need to periodically connect to the devices to install updates or fix problems.  I guess I could have them connect to the DMZ server then internally RDP to Hydra right?
0
 
LVL 9

Expert Comment

by:Jeff Brown
ID: 40592204
correct  any outside action would need to go through your av equipped box that can communicate to both networks and the outside.   if they need direct contact for what ever reason you would need to put them on the main network to access them.
0
 

Author Closing Comment

by:Steven Busher
ID: 40592270
quick, accurate help.  Laid it out for me so it was easy to understand and wasn't condescending.
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question