Secure Intranet on a LAN - Techist - Tech Forum

#1 Daenerys (Newb Techie), 04-18-2013, 05:18 PM

Hello

I'm practising building networks and looking for some advice about secure hardware/network setup - just doing this at home at the moment as a test - so a simple system will do.

I am setting up an intranet on a Linux box running Apache. The intranet pages will be served to PCs in a LAN. The PCs in the LAN are also connected to the Internet.

The Linux box itself will not be connected to the Internet, protecting it from external attacks; but how do I configure the network to protect this server from attacks from within the LAN? It's not the server software and web application configuration I'm after, rather the network and network hardware side of it.

I am envisaging putting the server on a separate subnet from the rest of the LAN, and putting a router between the two as a firewall. Will this work?

Cheers

#2 office politics, 04-26-2013, 04:30 PM

Putting a router between the server and the LAN would help protect against finding the server via subnet scans. However, I suspect someone could find the server by analyzing the traffic via the LAN. You should look to eliminate any unnecessary services running on network hardware, keep the firmware up to date, and use strong passwords on your equipment. Managed network devices, typically used in enterprises, should have controls for configuring the network ports. For instance, I remember studying Cisco and at that time they had a setting for disabling auto connect for switch ports. This would prevent anyone from "plugging in" to the network without authorization. An admin would have to "enable" the port.

http://www.nsa.gov/ia/_files/factshe...Datasheets.pdf

#3 DistraughtSysop (Super Techie), 04-26-2013, 07:47 PM

Quote:
Originally Posted by Daenerys

I am envisaging putting the server on a separate subnet from the rest of the LAN, and putting a router between the two as a firewall. Will this work?

Cheers

It would work, provided that the router can be used to configure access lists. Throwing a Linksys in there isn't going to help much.

Typically, you would create VLANs for the different broadcast domains in your network and you would use a router to control communication between the different VLANs. The idea is to grant the absolute minimum level of access that's required for the different network segments rather than trying to protect specific resources from the rest of the intranet. This would be a bit much for a home network, but you could easily set up a virtual environment with a simulator program like Packet Tracer.

#4 Reckless (True Techie), 04-27-2013, 12:00 AM

As the Linux box is an intranet only, you can make an IP tables to refuse all traffic that is not static your internal network.

The IPtables would automatically drop the connection and there would be no fuss about it.

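The host-level filtering mentioned in post #4, written out as an added example that is not part of the thread or any poster's own configuration: a shell function that prints an `iptables-restore` ruleset which drops all inbound traffic except new web connections from the LAN. The LAN prefix 192.168.1.0/24, TCP port 80 and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (constructed): host firewall for an intranet-only web server.
# Assumed values: LAN 192.168.1.0/24, Apache on TCP 80.

# valid_cidr PREFIX: succeed only for a well-formed IPv4 prefix of length 1-32.
# A /0 is rejected because it would match every source address.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" |
        grep -Eq "^($octet\.){3}$octet/([1-9]|[12][0-9]|3[0-2])\$"
}

# valid_port N: succeed only for an integer in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# intranet_rules LAN_PREFIX [PORT]: print an iptables-restore ruleset.
intranet_rules() {
    lan=$1
    port=${2:-80}
    valid_cidr "$lan" || { echo "bad LAN prefix: $lan" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    cat <<EOF
*filter
# Default-deny inbound and forwarded traffic; the server is not a router.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only new web connections sourced from the LAN prefix are admitted.
-A INPUT -s $lan -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

Piping the output of `intranet_rules 192.168.1.0/24` into `iptables-restore --test` as root checks that the ruleset parses without loading it.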
#5 Daenerys (Newb Techie), 04-28-2013, 06:13 AM

Ok thanks guys, I will look into it!


All times are GMT -5.

