Solved

Need help with a DMZ type situation

Posted on 2015-02-05
Last Modified: 2015-02-05
Hey guys and gals. I have a situation where my client has 2 scientific devices attached to PCs that simply cannot run AV software. We will call them HYDRA devices. We do not want any devices on the network without AV. The problem is these devices generate and send data to a share on a server called DMZ1. The data is then pulled to a third location that IS on the internal network. I know the simple answer here is remove the gateway from the HYDRA devices so they can't get online, but that's not possible. My goal is to put the Hydra devices and DMZ1 in a DMZ type environment. DMZ can run AV with no problem. Any suggestions, and does this make sense at all?
Question by: Steven Busher

5 Comments
Accepted Solution
by: Jeff Brown (earned 2000 total points)
ID: 40592184
Create two networks:

Network 1 for the Hydra devices, example 192.168.10.1-254, subnet 255.255.255.0 (this network should have no route to the internet).

Network 2 has your standard DHCP, example 192.168.1.1-254, subnet 255.255.255.0.

Your DMZ box/server should have 2 NICs, one with a network 1 address and one with a network 2 address, so it can communicate with both networks but the Hydra boxes have no route to the internet.
Expert Comment
by: Jeff Brown
ID: 40592190
If you use static addressing on network 1 you will not need additional settings. You may possibly need two switches, or a switch with VLAN capabilities, depending upon how picky the Hydra devices are.
Author Comment
by: Steven Busher
ID: 40592196
Hi Wildstar,

Thanks for the reply. This makes sense and I can do that no problem, but the only issue is the makers of Hydra need to periodically connect to the devices to install updates or fix problems. I guess I could have them connect to the DMZ server then internally RDP to Hydra, right?
Expert Comment
by: Jeff Brown
ID: 40592204
Correct, any outside action would need to go through your AV-equipped box that can communicate with both networks and the outside. If they need direct contact for whatever reason, you would need to put them on the main network to access them.
Author Closing Comment
by: Steven Busher
ID: 40592270
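The two-network design from the accepted solution, together with the rule in the comment above that any outside access goes through the AV-equipped DMZ box, as an added example that is not part of this thread: a small Python model of each host's interfaces and routing table that walks a packet hop by hop and checks the properties the design promises (Hydra reaches the share but not the internet, the internal network reaches DMZ1 but not Hydra, DMZ1 reaches Hydra). Host names, the router and ISP addresses, and every routing table are constructed assumptions that follow the example subnets in the reply.

```python
import ipaddress
class Node:
    def __init__(self, name, interfaces, routes=(), forwards=False):
        self.name = name                       # forwards=True only for real routers
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        self.routes = [(ipaddress.ip_network(p), gw) for p, gw in routes]
        self.forwards = forwards

    def connected(self, addr):
        return any(addr in i.network for i in self.interfaces)
    def next_hop(self, addr):
        # Longest-prefix match over this node's own routing table; None means no route.
        matches = [(n, gw) for n, gw in self.routes if addr in n]
        return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def reachable(topology, src, dst, max_hops=8):
    """Follow the packet hop by hop; True only if a node on the path sits on dst's subnet."""
    dst_addr = ipaddress.ip_address(dst)
    by_addr = {str(i.ip): n for n in topology.values() for i in n.interfaces}
    node = topology[src]
    for _ in range(max_hops):
        if node.connected(dst_addr):
            return True
        node = by_addr.get(node.next_hop(dst_addr))
        if node is None or not node.forwards:
            return False   # no route, an unowned next hop, or a dual-homed host that is not a router
    return False

def build_design():
    # Constructed addresses, following the reply's example subnets.
    nodes = [
        Node("hydra1", ["192.168.10.10/24"]),                    # no default route at all
        Node("dmz1", ["192.168.10.1/24", "192.168.1.50/24"],     # dual-homed, AV-equipped
             routes=[("0.0.0.0/0", "192.168.1.1")]),
        Node("office1", ["192.168.1.20/24"], routes=[("0.0.0.0/0", "192.168.1.1")]),
        Node("router", ["192.168.1.1/24", "203.0.113.2/30"],
             routes=[("0.0.0.0/0", "203.0.113.1")], forwards=True),
        Node("isp", ["203.0.113.1/30", "198.51.100.1/24"], forwards=True),
    ]
    return {n.name: n for n in nodes}

def check_design(topology):
    # Each property the reply calls for, mapped to whether this topology satisfies it.
    return {
        "hydra writes to the DMZ1 share": reachable(topology, "hydra1", "192.168.10.1"),
        "hydra has no path to the internet": not reachable(topology, "hydra1", "198.51.100.7"),
        "internal host pulls data from DMZ1": reachable(topology, "office1", "192.168.1.50"),
        "internal host cannot reach hydra directly": not reachable(topology, "office1", "192.168.10.10"),
        "DMZ1 can RDP to hydra for vendor support": reachable(topology, "dmz1", "192.168.10.10"),
    }
```

Swap in your real addresses and any extra routes (for example a static route added to the router toward network 1) and re-run `check_design`; a property flipping to False is exactly the hole the design is meant to close.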
Quick, accurate help. Laid it out for me so it was easy to understand and wasn't condescending.