Security

  • One computer two different networks

    7 answers - 1362 bytes

    Hi all,
    (First of all I want to apologise if I am misplacing this question, if so
    I'd appreciate if anyone could point me to the right direction)
    So here is the situation:
    We have about 250 computers that are isolated in a high-security network,
    we want to give internet access to those computer users without
    compromising the secured network. Of course our first thought is to buy
    250 computers so the users can switch between computers (one for the
    secure network, one for internet), but that might not be the most practical
    solution.
    So, I've been looking around and I've found a product called DATAGATE,
    from Tenix, which works as a "Data Diode". It looks interesting, but I'd
    like to have a second opinion.
    Does anyone know about other products or techniques on how to accomplish
    this?
    thanks!
    This list is sponsored by: Norwich University
    EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
    The NSA has designated Norwich University a center of Academic Excellence
    in Information Security. Our program offers unparalleled Infosec management
    education and the case study affords you unmatched consulting experience.
    Using interactive e-Learning technology, you can earn this esteemed degree,
    without disrupting your career or home life.
  • No.1 | | 1746 bytes | |

    2006-10-10 Santiago Barahona wrote:
    > We have about 250 computers that are isolated in a high-security
    > network, we want to give internet access to those computer users
    > without compromising the secured network. Of course our first thought
    > is to buy 250 computers so the users can switch between computers (one
    > for the secure network, one for internet), but that might not be
    > the most practical solution.
    >
    > So, I've been looking around and I've found a product called DATAGATE,
    > from Tenix, which works as a "Data Diode". It looks interesting, but
    > I'd like to have a second opinion.
    >
    > Does anyone know about other products or techniques on how to
    > accomplish this?

    One way to accomplish this is to implement a so-called graphical
    firewall.

    Have a network setup like this:

    Internet --- FW1 --- DMZ --- FW2 --- LAN

    LAN is where your 250 computers reside. Into the DMZ you put a terminal
    server with web browser, mail client and whatever other program you want
    your users to access the Internet with. Make sure the terminal server is
    hardened.

    Configure FW1 to:
    - ALLOW access FROM the terminal server in the DMZ TO the Internet
    - DENY access FROM the Internet TO the DMZ (except for related traffic)

    Configure FW2 to:
    - ALLOW remote-desktop access FROM the LAN TO the terminal server only
    - DENY access FROM the DMZ TO the LAN (except for related traffic)

    For Windows Terminal Services remote-desktop access would be through
    port 3389. Make sure you have only the remote desktop and maybe the
    clipboard, but no mapping of printers, shares, or other resources.

    Keep the remote-desktop client on your LAN computers up-to-date.

    Regards
    Ansgar Wiechers
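
The two rule sets from the reply above, modelled as an added example (not part of the original thread and not any firewall product's syntax) so that the intended reachability can be checked before deployment. The addresses, the rule tuple format and `FW2_LOOSE` are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption: the post names no addresses).
LAN = ip_network("10.10.0.0/16")     # the 250 secured workstations
DMZ = ip_network("192.0.2.0/24")
TS = ip_network("192.0.2.10/32")     # hardened terminal server in the DMZ
ANY = ip_network("0.0.0.0/0")

# Rule = (action, source, destination, destination port or None for any).
# First match wins; anything unmatched is dropped (default deny).
FW1 = [("allow", TS, ANY, None),     # terminal server -> Internet
       ("deny", ANY, DMZ, None)]     # Internet -> DMZ
FW2 = [("allow", LAN, TS, 3389),     # LAN -> terminal server, RDP only
       ("deny", DMZ, LAN, None)]     # DMZ -> LAN
FW2_LOOSE = [("allow", LAN, DMZ, None)]  # constructed mistake: whole DMZ, any port

def permits(rules, src, dst, port, related=False):
    """Decide one packet; `related` marks replies on an already allowed
    connection, the "except for related traffic" clause."""
    if related:
        return True
    for action, s, d, p in rules:
        if ip_address(src) in s and ip_address(dst) in d and p in (None, port):
            return action == "allow"
    return False

def zone(addr):
    a = ip_address(addr)
    return 2 if a in LAN else 1 if a in DMZ else 0   # Internet=0, DMZ=1, LAN=2

def path_allowed(fw1, fw2, src, dst, port):
    """A new connection must pass every firewall between its two zones."""
    lo, hi = sorted((zone(src), zone(dst)))
    return all(permits(fw, src, dst, port) for fw in [fw1, fw2][lo:hi])

def audit(fw1, fw2):
    """Return the flows whose verdict differs from what the post requires."""
    lan, ts, other, web = "10.10.3.7", "192.0.2.10", "192.0.2.20", "203.0.113.5"
    expect = [(lan, ts, 3389, True),     # remote desktop to the terminal server
              (ts, web, 443, True),      # terminal server reaches the Internet
              (lan, web, 443, False),    # no direct LAN -> Internet
              (lan, ts, 445, False),     # RDP only, no SMB into the DMZ
              (lan, other, 3389, False), # terminal server only
              (ts, lan, 3389, False),    # nothing initiated DMZ -> LAN
              (web, ts, 3389, False)]    # nothing initiated Internet -> DMZ
    return [(s, d, p) for s, d, p, ok in expect
            if path_allowed(fw1, fw2, s, d, p) != ok]
```

Printer, share and clipboard redirection travel inside the RDP session on port 3389, so neither firewall can block them; they have to be disabled on the terminal server itself.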
  • No.2 | | 2589 bytes | |

    Hello,

    Did you consider virtualization, with VMware for example?
    I haven't yet seen an enterprise-wide deployment of this technique, but
    the obvious steps would be:
    1. Creating a system image containing the Internet environment.
    2. Installing VM Player on each computer and setting up a virtual network
       interface.
    3. Configuring a subnet for the VMs that is different from the physical
       computers' subnet. It allows better control at the firewall/router
       level.

    That being said, this is certainly not a practical solution for
    deployment or administration, but I'm not aware of specific products
    that could do the job.

    sami.


  • No.3 | | 1556 bytes | |

    Is installing a second NIC in the PCs and then installing VMware and
    binding the VM to the second NIC so that it can browse the net securely
    an option?

    Raoul

  • No.4 | | 676 bytes | |

    If you have the budget to purchase 250 additional computers (250 *
    $400 = $100,000) then I would seriously consider investing that money
    in a firewall with some sort of application layer filtering instead
    (like CheckPoint/Cisco/Juniper with Websense/Aladdin/SurfControl).
    Not only will you be able to protect your end users from malicious
    Internet traffic but you'll be able to track policy violations (like
    inappropriate site visits during company time). You can also enable a
    per-session authentication method which would help you control/protect
    your users and corporate environment.

    If you want some more suggestions please let me know.
  • No.5 | | 718 bytes | |

    Thank you all for your great answers!!!
    It's helping me lots!!

    I will take a closer look at all your suggestions and try to come up
    with the best solution.
    I will keep you guys informed!

    cheers,

    santiago


  • No.6 | | 1744 bytes | |

    Security-wise, it would be more appropriate to separate the networks.
    Finance-wise, it would be infeasible to supply two machines for each
    employee. Perhaps a small number of computers (less than
    half the # of employees) can be supplied on a sharing basis with
    priority on business-related matters.

    As for installing virtual machines on company systems, I'm a little
    hesitant in suggesting something like that. The effort required by
    the I.T. department to support this might be a little less optimal.
    Since I know nothing about the OP's systems, I'm assuming everyone's
    using a standard P4. Even on my P4 1.8, having a VMware system
    running slows down the system. The only way this would work is
    if the I.T. department created a standard Internet-accessible
    guest O/S (*Nix based, since I don't think you'd be legally
    permitted to have x # of machines running the same Windows
    guest) and then installed a virtual machine player, i.e. VMware
    Player.

    Mind you, I do know that virtual machines are used in a
    development environment; but it just adds another 'factor'
    in maintaining a single system's integrity.

    That's just my $0.02.


  • No.7 | | 3060 bytes | |

    You must consider the cost of the solution. You need to know how
    sensitive your data is. So whether you go for another 250 computers, or any
    hardware firewall appliance or whatever, you have to consider the cost
    of the solution compared to your data.

    Regards
    Adnan Rafik- UG Leader Techies

    UG : http://www.techiesonly.com
    Web: http://www.adnanrafik.com
    Blog: http://7layers.blogspot.com
    Cell: +971-50-631 7154

    -----Original Message-----
    From: listbounce (AT) securityfocus (DOT) com [mailto:listbounce (AT) securityfocus (DOT) com]
    On Behalf Of Ed
    Sent: Wednesday, October 11, 2006 6:41 AM
    To: security-basics (AT) securityfocus (DOT) com
    Subject: Re: One computer two different networks

    Security-wise, it would be more appropriate to separate the networks.
    Finance-wise, it would be infeasible to supply two machines for each
    employee. Perhaps a small number of computers (less than half the #
    of employees) can be supplied on a sharing basis with priority on
    business-related matters.

    As for installing virtual machines on company systems, I'm a little hesitant
    in suggesting something like that. The effort required by the I.T.
    department to support this might be a little less optimal.
    Since I know nothing about the OP's systems, I'm assuming everyone's using a
    standard P4. Even on my P4 1.8, having a VMware system running slows down
    the system. The only way this would work is if the I.T. department created
    a standard Internet-accessible guest O/S (*Nix based, since I don't think
    you'd be legally permitted to have x # of machines running the same Windows
    guest) and then installed a virtual machine player, i.e. VMware Player.

    Mind you, I do know that virtual machines are used in a development
    environment; but it just adds another 'factor'
    in maintaining a single system's integrity.

    That's just my $0.02.

