Well, to control traffic on your network you would use either a firewall
or network segmentation. You can set up authentication through the
firewall and in that rule allow access to only certain machines (i.e.
Allow 10.0.0/24 to access 192.168.1.32/29 provided the user authenticates
to the firewall (through whatever means)).

With network segmentation (which may or may not be an option) you can
set up something like a DMZ off your DMZ. IOW, you have users dial into
the DMZ, and then you put your servers you want to allow access to on a
separate network from your other production machines. Example:

                Internet
                   |
                   |
Dial-in DMZ------ FW ------- Secure Access Area (private DMZ)
                   |
                   |
                Internal
                Network

You can eliminate attempted connections from the outside to all internal
networks, and control access from the Dial-in DMZ to the private DMZ
while dropping any connections from the internet to the private DMZ. This
configuration would require at least 4 NICs in your firewall. Your
Public DMZ would have your web servers, public DNS, mail, etc. with your
Total Control/Ascend hub.

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Tue, 6 Jul 1999 [EMAIL PROTECTED] wrote:
> Hello,
>
> Has anyone a suggestion how I can handle remote diagnostic access to
> servers in our LAN? My first thought was to put the servers which need
> remote diagnostic access in the DMZ. But in this case I have to put all
> my servers in the DMZ sooner or later. The remote diagnostic user
> shouldn't get any access to other servers on the LAN. Yes, I know I am
> asking for something impossible. But if anyone has a solution, please
> let me know. Thanks in advance.
>
> Peter Ruegamer
> Network Administrator
> MTU Friedrichshafen
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
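
Added example, not part of the original messages: a small Python model of the four-interface firewall described in the reply, with an audit that checks a rule set against the access goals stated in the thread. The zone names, the addresses, port 22 as the diagnostic service and the rule format are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing, one network per firewall NIC (assumption, not from the thread).
ZONES = {
    "dialin_dmz": ipaddress.ip_network("10.0.0.0/24"),
    "private_dmz": ipaddress.ip_network("192.168.1.32/29"),
    "internal": ipaddress.ip_network("172.16.0.0/16"),
}

@dataclass(frozen=True)
class Rule:
    src: str               # source zone
    dst: str               # destination zone
    port: Optional[int]    # None matches any port
    need_auth: bool        # user must have authenticated to the firewall
    action: str            # "accept" or "drop"

def zone_of(ip):
    """Map an address to its zone; anything not listed counts as the internet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def decide(rules, src_ip, dst_ip, port, authed=False):
    """First matching rule wins; no match means drop (default deny)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in rules:
        if (r.src, r.dst) != (src, dst) or r.port not in (None, port):
            continue
        if r.need_auth and not authed:
            continue
        return r.action
    return "drop"

def audit(rules):
    """Return the segmentation goals from the thread that this rule set breaks."""
    probes = [  # constructed flows: (goal, src, dst, port, authed, expected)
        ("internet -> private DMZ", "203.0.113.9", "192.168.1.34", 22, True, "drop"),
        ("internet -> internal", "203.0.113.9", "172.16.4.10", 22, True, "drop"),
        ("dial-in -> internal", "10.0.0.15", "172.16.4.10", 22, True, "drop"),
        ("dial-in -> private DMZ, no auth", "10.0.0.15", "192.168.1.34", 22, False, "drop"),
        ("dial-in -> private DMZ, authed", "10.0.0.15", "192.168.1.34", 22, True, "accept"),
    ]
    return [g for g, s, d, p, a, want in probes if decide(rules, s, d, p, a) != want]

GOOD = [Rule("dialin_dmz", "private_dmz", 22, True, "accept")]
# Weak variant: a broad convenience rule that lets dial-in users reach the LAN.
WEAK = GOOD + [Rule("dialin_dmz", "internal", None, False, "accept")]
```

Running audit() on every proposed rule change catches a broad rule like the one in WEAK before it is loaded onto the firewall.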