How can I securely share files between two private LANs in the same building

on 18.07.2007 13:05:04 by BrooklynBadass

Our company and another company in the same building need to share
200mb+ files on a daily basis. We are close enough to run a few cables
between the lans but we want to maintain security by limiting access
to a single file share or 1 share on each network and keep our own
Internet routers, dhcp servers, running. We each use soho routers
(Linksys & Netgear) with no dmz ports on them. I was thinking of
purchasing two more soho firewalls and connecting the Lan interface on
each one to each of our Lans and adding static routes on our current
routers to route traffic to them. I would then have two options. 1)
connect the wan ports to a hub and plug a server into the hub. 2)
Configure a VPN on each firewall so that any traffic covered by the
policy will automatically be routed to the other network. I would
prefer option 1 because it seems to isolate both networks better than
2. I don't know if any of this will work. I'd appreciate your input.

thanks
NH

Re: How can I securely share files between two private LANs in the same building

on 18.07.2007 14:27:37 by Ansgar -59cobalt- Wiechers

BrooklynBadass wrote:
> Our company and another company in the same building need to share
> 200mb+ files on a daily basis. We are close enough to run a few cables
> between the lans but we want to maintain security by limiting access
> to a single file share or 1 share on each network and keep our own
> Internet routers, dhcp servers, running. We each use soho routers
> (Linksys & Netgear) with no dmz ports on them. I was thinking of
> purchasing two more soho firewalls and connecting the Lan interface on
> each one to each of our Lans and adding static routes on our current
> routers to route traffic to them. I would then have two options. 1)
> connect the wan ports to a hub and plug a server into the hub. 2)
> Configure a VPN on each firewall so that any traffic covered by the
> policy will automatically be routed to the other network. I would
> prefer option 1 because it seems to isolate both networks better than
> 2. I don't know if any of this will work. I'd appreciate your input.

Try something like this:

Internet --- FW1 --- LAN --- FW2 --- DMZ --- VPN1 === VPN2 --- Other Company

FW1 is the Firewall/Router for your company's internet access. FW2 is a
Gateway from your LAN to a DMZ where you place a server hosting the
shares you want to provide for the other company. VPN1 and VPN2 are VPN
endpoints establishing a secure connection between your network and the
other company's network. FW3 is located in your office, FW4 is located
in the other company's office. That way you don't need to worry about
someone wiretapping the transmission network between your two companies.

On FW2 allow connections from LAN to DMZ but deny connections from DMZ
to LAN (except for established connections of course). Push the data you
need to share with the other company to the server in the DMZ, and fetch
data shared by the other company from that server (or from their server
in their part of the VPN).

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: How can I securely share files between two private LANs in the same building

on 20.07.2007 23:42:15 by Ansgar -59cobalt- Wiechers

BrooklynBadass wrote:
> Our company and another company in the same building need to share
> 200mb+ files on a daily basis. We are close enough to run a few cables
> between the lans but we want to maintain security by limiting access
> to a single file share or 1 share on each network and keep our own
> Internet routers, dhcp servers, running. We each use soho routers
> (Linksys & Netgear) with no dmz ports on them. I was thinking of
> purchasing two more soho firewalls and connecting the Lan interface on
> each one to each of our Lans and adding static routes on our current
> routers to route traffic to them. I would then have two options. 1)
> connect the wan ports to a hub and plug a server into the hub. 2)
> Configure a VPN on each firewall so that any traffic covered by the
> policy will automatically be routed to the other network. I would
> prefer option 1 because it seems to isolate both networks better than
> 2. I don't know if any of this will work. I'd appreciate your input.

Try something like this:

Internet --- FW1 --- LAN --- FW2 --- DMZ --- VPN1 === VPN2 --- Other Company

FW1 is the Firewall/Router for your company's internet access. FW2 is a
Gateway from your LAN to a DMZ where you place a server hosting the
shares you want to provide for the other company. VPN1 and VPN2 are VPN
endpoints establishing a secure connection between your network and the
other company's network. VPN1 is located in your office, VPN2 is located
in the other company's office. That way you don't need to worry about
someone wiretapping the transmission network between your two companies.

On FW2 allow connections from LAN to DMZ but deny connections from DMZ
to LAN (except for established connections of course). Push the data you
need to share with the other company to the server in the DMZ, and fetch
data shared by the other company from that server (or from their server
in their part of the VPN).

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
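
The FW2 policy from the replies above (LAN may open connections to the DMZ, the DMZ may only answer them), as an added example that is not part of the original thread: a vendor-neutral Python model of the stateful decision, not any product's configuration. The subnets, host addresses and port numbers are constructed assumptions; the thread gives none.

```python
import ipaddress

# Assumed (constructed) addressing; the thread does not state any subnets.
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("192.168.50.0/24"),
}
# FW2 policy from the post: only the LAN may open connections towards the DMZ.
ALLOW_NEW = {("LAN", "DMZ")}


def zone_of(addr):
    """Map an address to its zone name, or None if it is in neither zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


class FW2:
    """Toy stateful forwarder: remembers the flows it allowed to be opened."""

    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) of accepted new flows

    def forward(self, src, sport, dst, dport):
        """Return 'ACCEPT' or 'DROP' for one TCP packet crossing FW2."""
        if (src, sport, dst, dport) in self.flows:
            return "ACCEPT"  # later packet of a tracked flow
        if (dst, dport, src, sport) in self.flows:
            return "ACCEPT"  # reply direction of a tracked flow ("established")
        if (zone_of(src), zone_of(dst)) in ALLOW_NEW:
            self.flows.add((src, sport, dst, dport))
            return "ACCEPT"  # new connection permitted by policy
        return "DROP"        # default deny, which covers new DMZ -> LAN


def run_demo():
    fw = FW2()
    ws, srv = "192.168.1.20", "192.168.50.10"  # constructed hosts
    return [
        fw.forward(srv, 445, ws, 50000),  # looks like a reply, but no flow exists
        fw.forward(ws, 50000, srv, 445),  # LAN workstation pushes to the share
        fw.forward(srv, 445, ws, 50000),  # genuine reply to that connection
        fw.forward(srv, 40000, ws, 445),  # DMZ server tries to reach into the LAN
    ]


if __name__ == "__main__":
    print(run_demo())
```

The first and third packets are identical on the wire; only the state recorded by the second one makes the third acceptable, which is why a stateless "allow source port 445" rule would not implement the policy in the post.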