+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
*nix Thread, Secure Contractor/Visitor Internet in Technical; Hi, We have a meeting/training room where we have companies giving us product demo's etc... What would be the best ...
  1. #1

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,611
    Thank Post
    647
    Thanked 1,616 Times in 1,446 Posts
    Rep Power
    421

    Secure Contractor/Visitor Internet

    Hi,

    We have a meeting/training room where we have companies giving us product demo's etc...

    What would be the best of having a network point in the room that gives them internet access securely without the possiblity of their machine compromising our lan.

    Would a firewall i.e smoothwal in between this data point and our network do the job or not?

    Or any other ideas.

    Our internet is provided by the lea via a cisco router, all of our traffic has to go out via their internal proxy server as well.

    If you need more info shout.

    Ben

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Secure Contractor/Visitor Internet

    Sounds like an ideal job for Smoothwall, set up the meeting room on the red interface to protect your network and enable snort for intrusion detection. Smoothwall (free version) will only provide a firewall on one interface, so the meetings room won't be protected against attacks from within your network. If you need to firewall incoming and outgoing traffic between your network and the meetings room, can be done with iptables - or maybe check some of the smoothwall mods on the smoothwall forum.

    edit: and of course you'll need to open http and https to the LEA proxy

  3. #3
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Secure Contractor/Visitor Internet

    You could use the orange interface as well and implement the full firewall mod this allows you to fully control the traffic between each interface.

  4. #4

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,611
    Thank Post
    647
    Thanked 1,616 Times in 1,446 Posts
    Rep Power
    421

    Re: Secure Contractor/Visitor Internet

    Thats what I thought having used smoothie free and corporate before, obviously with this setup it would give out dhcp on the green interface which would be the meeting room secure point and then the red, internet interface is actually my internal lan I presume? or as the firewall will allow all traffic from the green onto the red is that actually going to protect the rest of the lan?

    Ben

  5. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Secure Contractor/Visitor Internet

    As Chris suggested the Full Firewall Control mod will do just what you need, I found it here:

    http://community.smoothwall.org/foru...pic.php?t=9593

  6. #6

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,611
    Thank Post
    647
    Thanked 1,616 Times in 1,446 Posts
    Rep Power
    421

    Re: Secure Contractor/Visitor Internet

    Cheers CN will have a look at it now.
    Gotta download any iso's etc... I need from home because doubt it will work at school.


    Ben

  7. #7
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Secure Contractor/Visitor Internet

    I think in the smoothwall case the meeting room would be on the orange interface which is usually the DMZ or a Wireless AP and your Lan would be green. Im not sure if it supports that kind of configuration though.
    I think you will probably get the desired result with the mod I mentioned with a basic red and green. You just need to say traffic on the internet ports you need can only go to your router IP and nowhere else on green.
    Alternatively a basic Linux install with IP tables configured by Shorewall is fairly easy to use.

  8. #8

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,611
    Thank Post
    647
    Thanked 1,616 Times in 1,446 Posts
    Rep Power
    421

    Re: Secure Contractor/Visitor Internet

    Ok Chris thanks for that I'm keen to ge ta smoothie box installed again and have a play but will look at others toos. Just will be nice to have a data point labelled "Secure Internet" and be able to have demo guys just plug into without worrying about the state of their laptop because they all tell me there are no viruses etc... on their laptop.

    Ben

  9. #9

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,611
    Thank Post
    647
    Thanked 1,616 Times in 1,446 Posts
    Rep Power
    421

    Re: Secure Contractor/Visitor Internet

    Ok got smoothie express 2 installed but still playing with it. I suppose the ideal solution would be a small appliance type device maybe a mini-itx machine that could be transported to wherever the contractor/sales person needs internet access and then plugged in between them and your network.

    As we have a conference room where these things normally take place I can trial this with a standard mini tower pc.

    Ben

  10. #10

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,596
    Thank Post
    109
    Thanked 764 Times in 595 Posts
    Rep Power
    181

    Re: Secure Contractor/Visitor Internet

    You could also try IPCOP - I know that this allows you to run SNORT on the Red and Green interfaces plus it's a little more feature-rich out of the box than Smoothwall Free (or whatever it's name is).

  11. #11

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,611
    Thank Post
    647
    Thanked 1,616 Times in 1,446 Posts
    Rep Power
    421

    Re: Secure Contractor/Visitor Internet

    Thanks for the suggestion I'm happy with my smoothwall express these have a fond place in my heart.

    Ben

  12. #12

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,596
    Thank Post
    109
    Thanked 764 Times in 595 Posts
    Rep Power
    181

    Re: Secure Contractor/Visitor Internet

    Quote Originally Posted by plexer
    Thanks for the suggestion I'm happy with my smoothwall express these have a fond place in my heart.

    Ben
    I guess it's down to which side you took when the projects split

  13. #13

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,611
    Thank Post
    647
    Thanked 1,616 Times in 1,446 Posts
    Rep Power
    421

    Re: Secure Contractor/Visitor Internet

    Indeed it is ric indeed it is

    Ben

  14. #14

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,924
    Thank Post
    709
    Thanked 551 Times in 366 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Secure Contractor/Visitor Internet

    I am watching this thread interest as we are about to start community room and idea of having a secure network point from rest of network sounds good...

    Just thinking there might be times when staff want to use it and access main network is there anyway to do this with smooth or IPCOP by having some kind of client installed on laptop like for example..

    ideas

    Russ

  15. #15

    Join Date
    Aug 2005
    Location
    Birmingham, UK
    Posts
    490
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Secure Contractor/Visitor Internet

    If you have managed switches, why not vlan it?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Anyone recommend IT contractor?
    By Steele in forum Windows
    Replies: 17
    Last Post: 25th March 2009, 09:22 AM
  2. Secure Printing
    By FreeWill in forum Wireless Networks
    Replies: 2
    Last Post: 9th October 2007, 11:45 AM
  3. How secure is a VLAN?
    By Ben_Stanton in forum Wireless Networks
    Replies: 5
    Last Post: 26th July 2007, 09:15 AM
  4. Making RDP more secure
    By mattx in forum Windows
    Replies: 2
    Last Post: 7th February 2007, 01:52 PM
  5. Secure Folder
    By SimpleSi in forum Windows
    Replies: 17
    Last Post: 5th October 2006, 12:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •