Q

How can we selectively distribute secure broadband Internet access through our LAN?

We have a network of approximately 100 users. Internet service is there for all staff via our LAN, which can be slow and painful -- for IT staff in particular. This has motivated us to get broadband Internet access for only the IT group (staff of 10). We want to keep this totally separate from our LAN for security reasons, but at the same time (if possible) use our LAN to distribute broadband to the entire IT staff. Using a firewall is an option, but we do not want to spend a lot of money on this. We were thinking of having a separate subnet, a dedicated PC for the broadband with a hub, which would distribute to the IT staff who will have two NICs in their PCs. Is this secure enough or can you suggest a better solution?

I'm afraid no solution can guarantee absolute security, but for every solution we need to strive to provide the best we can. Unfortunately, not firewalling any access to the Internet is NOT an option. Simply placing the access point in a separate subnet is not secure, and what security will the IT department have? Secondly, once an attacker compromises one of the dual-homed systems, she's ready to attack the rest of your network.

How were you planning to offer the rest of your LAN access to the Internet? You don't say how you are getting access via your LAN now. Is it not firewalled? There are both hardware and software firewall products in every price range. Since you were planning to dedicate a server for the broadband connection, you might consider Microsoft's Internet Security and Acceleration Server. In addition to being an excellent firewall, it can also act as a proxy and limit access to the Internet. IT could be given different access than the rest of the LAN, or even be the only ones allowed access. There are also hardware-based firewalls and software-based "personal" firewalls. You may want to consider determining what your organization's security policy is or should be, and then developing a solution that provides faster access, but is secure.

In addition, don't make the mistake of thinking that "just" having a firewall will make you secure. There are many other components you might want to think about in your security plan, such as intrusion detection and response, antivirus protection, etc. Remember, fast but insecure not only has the danger of slowing you down in the future, it can put you out of business.

This was first published in November 2002
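An added example, not part of the original answer: a small Python audit that flags the dual-homed workstations the answer warns about, meaning hosts with one interface on the staff LAN and one on the broadband segment, and grades how exposed each is. The subnets, host names and inventory fields are assumptions constructed for illustration.

```python
import ipaddress

# Assumed address plan (not from the page): the staff LAN and the IT broadband segment.
SEGMENTS = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "broadband": ipaddress.ip_network("192.168.50.0/24"),
}

# Constructed inventory: interface addresses, IP forwarding flag, host firewall flag.
INVENTORY = [
    {"host": "it-ws-01", "addrs": ["10.0.0.21", "192.168.50.21"],
     "ip_forward": False, "host_firewall": True},
    {"host": "it-ws-02", "addrs": ["10.0.0.22", "192.168.50.22"],
     "ip_forward": True, "host_firewall": False},
    {"host": "staff-ws-40", "addrs": ["10.0.0.140"],
     "ip_forward": False, "host_firewall": False},
    {"host": "bb-gateway", "addrs": ["192.168.50.1"],
     "ip_forward": True, "host_firewall": True},
]

def segments_of(addrs):
    """Return the set of named segments that a host's addresses fall into."""
    found = set()
    for a in addrs:
        ip = ipaddress.ip_address(a)
        for name, net in SEGMENTS.items():
            if ip in net:
                found.add(name)
    return found

def audit(inventory):
    """Flag hosts that sit on both segments and grade how exposed each one is."""
    findings = []
    for h in inventory:
        if segments_of(h["addrs"]) != set(SEGMENTS):
            continue  # single-homed: cannot bridge the two networks
        if h["ip_forward"]:
            severity = "critical"  # host routes packets between the segments
        elif not h["host_firewall"]:
            severity = "high"      # unfiltered host reachable from the broadband side
        else:
            severity = "medium"    # still a pivot point if the host is compromised
        findings.append((h["host"], severity))
    return findings

if __name__ == "__main__":
    for host, severity in audit(INVENTORY):
        print(f"{host}: dual-homed, {severity}")
```

Even the best-graded dual-homed host is reported, because any such machine connects the two networks once it is compromised.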
