[THIN] Re: Way OT: Vendor access equipment on your internal networks

  • From: Jon Spriggs <jon.spriggs@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 9 Nov 2005 22:17:50 +0000

For a low-cost solution, how about building a desktop machine up with
Linux, turning it into a router (extremely straightforward!) and making
it so that it doesn't route into your corporate networks (i.e., it drops
all the packets that aren't going directly to the proxy or going out
through your firewall)?

This is extremely simple stuff, and with it, you can provide full
access to the internet or tailor outbound connections to only specific
VPN ports, or ... well, whatever really.

I'd be happy to provide a hand if anyone needs direction with this,
but I'm not amazing with the iptables commands; I can just provide a
couple of pointers...

Jon

On 09/11/05, Steve Greenberg <steveg@xxxxxxxxxxxxxx> wrote:
>
>
> A VPN over WiFi is a great idea, you might be able to use CAG to do this as
> well!
>
> Steve Greenberg
> Thin Client Computing
> 34522 N. Scottsdale Rd. suite D8453
> Scottsdale, AZ 85262
> (602) 432-8649
> (602) 296-0411 fax
> steveg@xxxxxxxxxxxxxx
>
>
>
>
>  ________________________________
>  From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
> Behalf Of Michael Pardee
> Sent: Wednesday, November 09, 2005 10:10 AM
> To: thin@xxxxxxxxxxxxx
>
> Subject: [THIN] Re: Way OT: Vendor access equipment on your internal
> networks
>
>
> I recommended a VPN'd wifi solution today.  We'll see if that's where the
> network team agrees we should go.
>
>
> On 11/9/05, Evan Mann <emann@xxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > It's popular to set up a dedicated VLAN for guests, and use policy-based
> > routing to make that VLAN able to access the internet only.  It's easy
> > to do, but requires that you have the ability to set up VLANs and do
> > policy-based routing.
> >
> >
> > ________________________________
>
> > From: thin-bounce@xxxxxxxxxxxxx [mailto: thin-bounce@xxxxxxxxxxxxx] On
> > Behalf Of Steve Greenberg
> > Sent: Wednesday, November 09, 2005 12:02 PM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: Way OT: Vendor access equipment on your internal
> > networks
> >
> >
> >
> >
> > I have seen a number of companies that set up a separate WiFi or wired
> > network for outside access and make it available to certain areas such as
> > the conference rooms........
> >
> >
> > Steve Greenberg
> > Thin Client Computing
> > 34522 N. Scottsdale Rd. suite D8453
> > Scottsdale, AZ 85262
> > (602) 432-8649
> > (602) 296-0411 fax
> > steveg@xxxxxxxxxxxxxx
> >
> >
> >
> >
> > ________________________________
> > From: thin-bounce@xxxxxxxxxxxxx [mailto: thin-bounce@xxxxxxxxxxxxx] On
> > Behalf Of Michael Pardee
> > Sent: Wednesday, November 09, 2005 9:57 AM
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Way OT: Vendor access equipment on your internal networks
> >
> >
> >
> > I'm curious how others are handling this.  We are seeing more and more
> > external parties (Vendors, Auditors, etc.) that want to plug their equipment
> > in to our internal networks.  Usually it is just to do some kind of
> > presentation.  Here at our data center we have an external DSL line that we
> > just move from conference room to conference room and that gets them
> > internet connectivity without them touching our internal networks.
> >
> > Lately these requests have come from remote locations that don't have much
> > infrastructure other than thin clients and network ports.  No DSL at those
> > sites at all.
> >
> > How are you handling this kind of issue when someone from outside
> > needs/wants to plug in to get network connectivity?  A vendor presentation
> > is one thing but auditors can live on site for months and, more recently,
> > want to bring their own file server with them.
> >
> > We check to make sure they have AV software, that it is running, and that
> > the DATs are current, but that won't prevent someone from running a sniffer
> > or password cracker on the network.
> >
> > We are working with the network team to fence them off using VPNs but I
> > thought I would ask how others are handling this situation.
> >
> > Thanks in advance.
> >
> > Mike.
>
>


--
Jon "Four Star Gun" Spriggs AKA
Jon "The Nice Guy" Spriggs
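
An added example, not part of the original post: one way to express the guest-router policy described at the top of this message as an iptables-restore ruleset, generated by a shell function so it can be reviewed before loading. The interface names (eth1 guest side, eth0 uplink), the proxy address 10.0.0.10:3128, the internal ranges and the use of MASQUERADE are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Interface names and addresses are constructed placeholders.
# Usage: guest_router_rules GUEST_IF UPLINK_IF PROXY_IP PROXY_PORT "NETS" [PORTS]
#   NETS  space-separated internal CIDRs that guests must never reach
#   PORTS optional comma-separated TCP ports allowed outbound (empty = any)
guest_router_rules() {
    guest_if=$1 uplink_if=$2 proxy_ip=$3 proxy_port=$4 nets=$5 ports=${6:-}
    # Default-deny: the router accepts only loopback and reply traffic for
    # itself, and forwards only what the rules below allow.
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The only internal destination guests may reach: the proxy.
    printf '%s\n' "-A FORWARD -i $guest_if -o $uplink_if -p tcp -d $proxy_ip --dport $proxy_port -j ACCEPT"
    # Anything else addressed to the corporate ranges is dropped.
    for net in $nets; do
        printf '%s\n' "-A FORWARD -i $guest_if -d $net -j DROP"
    done
    # The remainder leaves through the firewall, optionally limited to PORTS
    # (for example, specific VPN ports).
    if [ -n "$ports" ]; then
        printf '%s\n' "-A FORWARD -i $guest_if -o $uplink_if -p tcp -m multiport --dports $ports -j ACCEPT"
    else
        printf '%s\n' "-A FORWARD -i $guest_if -o $uplink_if -j ACCEPT"
    fi
    # Hide the guest subnet behind the router's uplink address.
    printf '%s\n' 'COMMIT' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -o $uplink_if -j MASQUERADE" 'COMMIT'
}

# To load on the router (as root, with net.ipv4.ip_forward=1):
#   guest_router_rules eth1 eth0 10.0.0.10 3128 \
#       "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16" | iptables-restore
```

The proxy rule has to come before the DROP rules for the internal ranges, because the proxy's address falls inside one of them and iptables stops at the first match.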