Seperate LAN and WAN

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

tacyog

Thread Starter
Joined
Nov 2, 2011
Messages
4
Hi,
I am planning the following network setup.
Get a server with 2 NICs, a router and a switch
1st NIC is connected to Internet
2nd NIC is connected to a router
A router is connected to a switch
All the client workstation are connected to Switch to access the server.

I believe with this setup all my client workstations can browse the internet on their local machine via server.
I want to restrict this and they should be allowed to access internet only via remote dektop to the server.

Moreover I also want to restrict the following:
The client users should not be allowed any cut/copy/paste operations from local to server via remote desktop.

The server will be hosting the Active directory for internal domain.

Kindly assist me with this setup.

Regards,
tacyog
 

Squashman

Retired Trusted Advisor
Joined
Apr 4, 2003
Messages
19,786
So you want to waste money on TS Licenses just so your users can access the internet?
 

tacyog

Thread Starter
Joined
Nov 2, 2011
Messages
4
Of course I will not want to waste money on TS licenses. But I couldnt think of any other solution to acheive this. Please suggest if there is any alternative to this solution which is more cost effective.It will be highly appreciated.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,665
So what exactly are you trying to do with this set up beyond providing internet access to your users from a single server?
 

tacyog

Thread Starter
Joined
Nov 2, 2011
Messages
4
I run a small software development setup. I want to protect the code files from being transffered from my local network to the internet world.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,665
Well, I'm not sure how much you want to spend and what you consider cost effective. Because if your intellectual property is that important to you or the company's viability, you wouldn't skimp on data protection to a reasonable degree. I haven't played with Websense in a while but they seem to have expanded their product offerings to include data protection.

One of the things you need to put in place if it hasn't been done already is a security/IT policy. Many people think that INFOSEC starts with some sort of technology. It doesn't. It starts with written policies and having employees sign a written document spelling out their understanding and acceptance. Only when this is in place can you layer on technological products. Because no technology is 100% fool proof and when these systems fail, you need a legally binding document/agreement to properly deal with employees which violate these terms whether it be by mistake or by intention.
 
Joined
Jul 29, 2001
Messages
21,334
Many small business class firewalls also have application based security. I have not looked into this too much, but have seen demos where documents can have embedded information in them that will not let them leave the LAN. This of course is useless if you allow workers to use thumb drives or DVD writers. Documents or policies however do not trump human nature.
 

Squashman

Retired Trusted Advisor
Joined
Apr 4, 2003
Messages
19,786
And you removed all their DVD/CD writers and glued all their USB ports and SDcard slots shut? Then you also have to make sure they don't bring in their own personal computer and attach it to the network and start copying data.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,665
I've worked in very secure environments with extremely sensitive data. There are ways to monitor said activity and to control removeable media.

But as I said. The number 1 priority is to have a policy in place that addresses this. Because if there is a will there is a way to get around all of this. In the end proper auditing and a lock tight legal document are the only ways to cover yourself in these matters. And yes, there have been people who have been criminally prosecuted in the secure environments I've worked in. Usually, the threat of criminal and/or civil prosecution usually keeps the honest people honest and gives you the ability to go after the ones that are not so honest.
 
Joined
Jul 29, 2001
Messages
21,334
And the policy needs to be applied to everyone, from the low man on the totem pole to the head office muckety mucks who think they need special privileges. I agree that a solid security policy and computer use is a must for legal reasons and should be in place. If you don't plan for these contingencies up front it will bite you in the end. You need to use a multi-tiered approach to securing your info and map it out carefully.
 

Squashman

Retired Trusted Advisor
Joined
Apr 4, 2003
Messages
19,786
I agree with you ZX. I work with data from Banks on a daily basis. I not only have a signed agreement with my company I also have a signed agreement with some of the Banks I do work for. I also have to re-certify with an I.T. security class with one of our clients every year. We also have to keep the data encrypted when it is not in use and there are only a few people who are are allowed to decrypt and encrypt the data.
 

tacyog

Thread Starter
Joined
Nov 2, 2011
Messages
4
We already have the Security/IT policies in place. No CD/DVD writers are connected and also all USB ports and SD card slots are disabled. Personal Computers are also not allowed.

The legal action will only come into play only when it is identified that there is a breach of security.

So I believe; first I need to setup the network to avoid as much as possible any breach of security.
And secondly I need to have some system in place which will always look out for any security breach. If anything suspicious is identified by this monitoring system; ofcourse the legal actions will come into play.

Kindly suggest a solution to handle this.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top