Beth,
From you description it's difficult to know exactly what you are trying to accomplish but I'll assume these workstations need to communicate with each other or a central server on a "private" separate
If your switches support VLANs you can create a separate network for these workstations. This wouldn't guard the confidentiality of the information but would limit the ability of someone to capture the traffic to these systems. They would have to be on the segment between the workstation and switch or on a backbone segment.
If you need confidentiality, you may be able to use the tunneling and encryption features of your routers to provide confidentiality between the physical sites. Combined with a VLAN, this would further limit the expose of the data. Unencypted data could only be captured on the segments between the workstations, switch and router or captured off the switch itself.
If this isn't sufficient you could install network layer encryption software on the workstations (i.e. IPSEC, SKIP) to encrypt transactions end-to-end.
-- Bill Stackpole, CISSP
| "Young, Beth A." <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 01/31/01 07:44 AM
|
To: [EMAIL PROTECTED] cc: Subject: Securing workstations when Firewall isn't an option |
I have an unusual situation that I need help resolving.
I have several physical locations (3-6 different buildings) that need a few
workstations (like 1-3) segregated from the rest of the network. The
workstations are doing credit-card transactions and from what we can see,
the software doesn't encrypt the information so we need network security to
fix the problem (why don't software companies, especially companies that
deal with electronic commerce put in security?!? But that is another
topic...)
So, how can I segregate so few workstations without putting a firewall in
each location? The expense of the 6 firewalls would be too costly for the
department.
Thanks for any suggestions,
Beth
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
