1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Seperate LAN and WAN

Discussion in 'Networking' started by tacyog, Nov 2, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. tacyog

    tacyog Thread Starter

    Joined:
    Nov 2, 2011
    Messages:
    4
    Hi,
    I am planning the following network setup.
    Get a server with 2 NICs, a router and a switch
    1st NIC is connected to Internet
    2nd NIC is connected to a router
    A router is connected to a switch
    All the client workstation are connected to Switch to access the server.

    I believe with this setup all my client workstations can browse the internet on their local machine via server.
    I want to restrict this and they should be allowed to access internet only via remote dektop to the server.

    Moreover I also want to restrict the following:
    The client users should not be allowed any cut/copy/paste operations from local to server via remote desktop.

    The server will be hosting the Active directory for internal domain.

    Kindly assist me with this setup.

    Regards,
    tacyog
     
  2. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,786
    So you want to waste money on TS Licenses just so your users can access the internet?
     
  3. tacyog

    tacyog Thread Starter

    Joined:
    Nov 2, 2011
    Messages:
    4
    Of course I will not want to waste money on TS licenses. But I couldnt think of any other solution to acheive this. Please suggest if there is any alternative to this solution which is more cost effective.It will be highly appreciated.
     
  4. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    So what exactly are you trying to do with this set up beyond providing internet access to your users from a single server?
     
  5. tacyog

    tacyog Thread Starter

    Joined:
    Nov 2, 2011
    Messages:
    4
    I run a small software development setup. I want to protect the code files from being transffered from my local network to the internet world.
     
  6. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    Well, I'm not sure how much you want to spend and what you consider cost effective. Because if your intellectual property is that important to you or the company's viability, you wouldn't skimp on data protection to a reasonable degree. I haven't played with Websense in a while but they seem to have expanded their product offerings to include data protection.

    One of the things you need to put in place if it hasn't been done already is a security/IT policy. Many people think that INFOSEC starts with some sort of technology. It doesn't. It starts with written policies and having employees sign a written document spelling out their understanding and acceptance. Only when this is in place can you layer on technological products. Because no technology is 100% fool proof and when these systems fail, you need a legally binding document/agreement to properly deal with employees which violate these terms whether it be by mistake or by intention.
     
  7. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    Many small business class firewalls also have application based security. I have not looked into this too much, but have seen demos where documents can have embedded information in them that will not let them leave the LAN. This of course is useless if you allow workers to use thumb drives or DVD writers. Documents or policies however do not trump human nature.
     
  8. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,786
    And you removed all their DVD/CD writers and glued all their USB ports and SDcard slots shut? Then you also have to make sure they don't bring in their own personal computer and attach it to the network and start copying data.
     
  9. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    I've worked in very secure environments with extremely sensitive data. There are ways to monitor said activity and to control removeable media.

    But as I said. The number 1 priority is to have a policy in place that addresses this. Because if there is a will there is a way to get around all of this. In the end proper auditing and a lock tight legal document are the only ways to cover yourself in these matters. And yes, there have been people who have been criminally prosecuted in the secure environments I've worked in. Usually, the threat of criminal and/or civil prosecution usually keeps the honest people honest and gives you the ability to go after the ones that are not so honest.
     
  10. Rockn

    Rockn

    Joined:
    Jul 29, 2001
    Messages:
    21,334
    And the policy needs to be applied to everyone, from the low man on the totem pole to the head office muckety mucks who think they need special privileges. I agree that a solid security policy and computer use is a must for legal reasons and should be in place. If you don't plan for these contingencies up front it will bite you in the end. You need to use a multi-tiered approach to securing your info and map it out carefully.
     
  11. Squashman

    Squashman Trusted Advisor

    Joined:
    Apr 4, 2003
    Messages:
    19,786
    I agree with you ZX. I work with data from Banks on a daily basis. I not only have a signed agreement with my company I also have a signed agreement with some of the Banks I do work for. I also have to re-certify with an I.T. security class with one of our clients every year. We also have to keep the data encrypted when it is not in use and there are only a few people who are are allowed to decrypt and encrypt the data.
     
  12. tacyog

    tacyog Thread Starter

    Joined:
    Nov 2, 2011
    Messages:
    4
    We already have the Security/IT policies in place. No CD/DVD writers are connected and also all USB ports and SD card slots are disabled. Personal Computers are also not allowed.

    The legal action will only come into play only when it is identified that there is a breach of security.

    So I believe; first I need to setup the network to avoid as much as possible any breach of security.
    And secondly I need to have some system in place which will always look out for any security breach. If anything suspicious is identified by this monitoring system; ofcourse the legal actions will come into play.

    Kindly suggest a solution to handle this.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1025085

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice