Attaching a PC to multiple LANs

Guest
Archived from groups: comp.security.firewalls

Hi,

I have a requirement to attach a PC to several local area networks at
the same time in order to monitor a number of servers. All the networks
are physically situated in the same building, however, it is very
important that data on any of the LANs is NEVER routed to any of the
other networks.

My idea is to install multiple NICs into a PC, and then physically
attach this PC to all the networks. I would have firewall software
installed on the PC, such as Sygate. There would be no internet
connection to the PC.

Is my plan to attach the PC simultaneously to multiple networks an
"acceptable" way of accomplishing my goal?

Is there a better way of doing this?

I would be grateful for any help or advice.

regards,
Ron
 
Guest
Archived from groups: comp.security.firewalls

In the Usenet newsgroup comp.security.firewalls, in article
<1124284469.913054.210540@g49g2000cwa.googlegroups.com>, rhoaste@hotmail.com
wrote:

>I have a requirement to attach a PC to several local area networks at
>the same time in order to monitor a number of servers. All the networks
>are physically situated in the same building, however, it is very
>important that data on any of the LANs is NEVER routed to any of the
>other networks.

There are a number of ways this can be done. An important key is the type
of application that needs to be run. Is the information "text only", or
are there "pretty pictures"? What operating systems are used?

>My idea is to install multiple NICs into a PC, and then physically
>attach this PC to all the networks.

Depends on how many networks - and how big the computer is. For example
I have one system that has three Quad NICs (DFE-580TX), that has a total
of 12 networks attached - a hassle, but it works.

>Is my plan to attach the PC simultaneously to multiple networks an
>"acceptable" way of accomplishing my goal?

It depends on the security classification (or equivalent) and your threat
model. If a "bad guy" gains access to the computer, that person has access
to all traffic on the network. A slightly more secure mechanism would be to
have the "monitor" application on an individual system on each network, and
outputting serial data to a terminal application running on the PC. Using
a multi-port serial card, you can have as many as 64 serial inputs. A person
gaining access to this PC has only access to the data, not the networks.

>Is there a better way of doing this?

Define your threat model.

Old guy
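
Added example, not part of the original thread: one way to verify the "never routed between LANs" requirement on a multi-homed monitoring PC, assuming it runs Linux (the thread does not say which OS is used). It reads the kernel's real forwarding switches under `/proc/sys/net`; the `SAMPLE` values and interface names are constructed for illustration.

```python
"""Check that a multi-homed Linux host is not forwarding IP between its NICs."""
from pathlib import Path

PROC_NET = Path("/proc/sys/net")  # assumption: the monitoring PC runs Linux


def read_forwarding(root=PROC_NET):
    """Collect every IPv4/IPv6 forwarding switch under root as {(family, name): value}."""
    found = {}
    for family in ("ipv4", "ipv6"):
        conf = Path(root) / family / "conf"
        if not conf.is_dir():
            continue
        # conf/ holds "all", "default" and one directory per interface
        for entry in sorted(conf.iterdir()):
            flag = entry / "forwarding"
            if flag.is_file():
                found[(family, entry.name)] = flag.read_text().strip()
    legacy = Path(root) / "ipv4" / "ip_forward"  # global IPv4 switch
    if legacy.is_file():
        found[("ipv4", "ip_forward")] = legacy.read_text().strip()
    return found


def forwarding_violations(settings):
    """Return the switches that are not "0", i.e. that permit routing between LANs."""
    return sorted(f"{fam}/{name}" for (fam, name), val in settings.items() if val != "0")


# Constructed sample: three NICs, two of them left with forwarding enabled.
SAMPLE = {
    ("ipv4", "ip_forward"): "0",
    ("ipv4", "all"): "0",
    ("ipv4", "eth0"): "0",
    ("ipv4", "eth1"): "1",
    ("ipv6", "all"): "0",
    ("ipv6", "eth2"): "1",
}

if __name__ == "__main__":
    live = read_forwarding()
    if not live:
        print("no forwarding switches found (not a Linux host?)")
    for item in forwarding_violations(live):
        print("forwarding enabled:", item)
```

A clean result only shows the kernel is not routing packets between the interfaces; a process running on the PC can still reach every attached LAN, which is the exposure the reply describes.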