1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Security reasons to stay separate

Discussion in 'Networking' started by ljCharlie, Apr 13, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. ljCharlie

    ljCharlie Thread Starter

    Joined:
    Mar 19, 2004
    Messages:
    50
    We are a separate entity charity organization; however, we are also a branch of a bigger non-profit organization. Currently the CIO expressed opinions that he wants control over our network which contains 50 workstations and 6 servers. Two of those servers are database servers that contain crucial information. We are concern that if he takes over and moved all those servers to his location, would we increase the probability of being attacked by hackers since it will become a bigger target for hackers? Currently our Internet access and emails are from them, but as far as maintaining all the workstations and servers, that is done in house. We have our own separate firewall that protects all over machines before it goes out to their network and to the Internet. Will anyone give me some reasons to stay separate from their control over our network and machines?

    Many thanks for your help. Any suggestion is greatly appreciated!

    ljCharlie
     
  2. 10forcash

    10forcash

    Joined:
    Aug 7, 2003
    Messages:
    343
    firstly, if your gateway is through the main company, then the risk of hackers etc. would be no greater, secondly, I assume the gateway has its own firewall, in which case, that is your main level of defence, your firewall is the secondary. Finally, if you are using SDSL, or fast ADSL connections with a fixed IP address, then filesharing can be accomplished using a VPN link with file replication to speed up access to data.
    provided you use strong encryption (5DES or better) there is little risk of anyone capturing your data, it would also provide another route for backup (you do back up your data daily don't you ?) The main thing you need to ensure is that password policies are enforced, 7 characters or more including CAPITALS and numbers
    Cheers,
    10forcash
     
  3. 10forcash

    10forcash

    Joined:
    Aug 7, 2003
    Messages:
    343
    As a possible line of defence, it may be worth suggesting that your servers are used to backup the main site's data and vice -versa, this would give you control over your own data and the main site near-realtime access to your data without sacrificing your autonomy. use a DFS to replicate data across the domains, generally, the maximum lag time for data propagation is 20 minutes
    hope this helps
    Cheers,
    10forcash
     
  4. ljCharlie

    ljCharlie Thread Starter

    Joined:
    Mar 19, 2004
    Messages:
    50
    Thank you for the response. We have a T1 line going from our building to the head quarter. We also have our own domain controller; however, our machines' IP address are acquired through their DHCP server. Maybe the risk of either case are the same, how do we justify being separate because we don't want their CIO and staff taking over our database and servers. In a sense, we like to keep their staff off our database as much as possible. So my main question is, how do we justify or reason to have our servers remains separate?

    ljCharlie
     
  5. hermes

    hermes

    Joined:
    Aug 12, 2000
    Messages:
    642
    Try this. One of the major staging grounds for distributed denial of service is from the compromised internal networks of charities. This method ensures the confidentiality of the attacker and renders the charity liable for the damage to the attacked network. For this reason many security vendors will secure a charities network for a nominal fee and use it as a case study for customers.

    If you are joining two networks together the spectre of sorting out the twin private address spaces can also be used to scare off the proposer. All that outside NAT...brrrrrrrrrr!!!!!!!
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219939

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice