Well, your best way fo going about this is to have a second firewall, or a
second subnet off the primary firewall. THat way you can apply full control
on the communications between the two subnets. A vlan/acl/packet filter
setup would be viable, but it wouldnt provide the total control or
information gathering capacity a good firewall would.
You have other options that are less desirable, but combined could be
viable, for example using a secure identification and authentication method
(i.e. secureid et al...) for all access to the developement machines, or to
use a shared storage facility with restrictive permissions for all files
transferred to and from the developement systems.
One other important thing you need to remember is that anyone with unimpeded
or unmonitored physical access to a system will eventually be abel to break
in, no matter how well protected the system is in software.
Christopher Dinsmore
CCSE CCSA NCSA MCSE
===========================
Netegrity Technical Support
[EMAIL PROTECTED]
781-890-1700
===========================
-----Original Message-----
From: Boris [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 18, 1999 1:11 PM
To: [EMAIL PROTECTED]
Subject: Development vs. Production Subnets?
Here is a practical question:
Imagine an office which has a LAN with a bunch of clients
working on a daily basis with a production version of the
software.
All the clients are on the "production subnet", while there
are also some "development machines", which contain all
kind of source code and other nice stuff ...
The whole office LAN is behind the firewall, so it is (supposedly)
protected. But what is the best way to protect the "development
machines" from the "production subnet" people?
Any "constructive" advice is greatly appreciated.
Thanks,
Bob.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
