File server, two NICs. 1 NIC on your untrusted users VLAN, the other on your trusted users VLAN. Create a share on the untrusted users side, and the same share on your trusted users side. Set up the untrusted NIC as a member of the private profile on the firewall (assuming Win 2008+) and only open the port for SMB. Also, do not have a default gateway on the untrusted NIC as well. AV is also a must as well.
Good luck

From: Brian Desmond [mailto:[email protected]]
Sent: Monday, September 19, 2011 2:16 PM
To: NT System Admin Issues
Subject: RE: Best way to restrict access to file server?

IPSec or 802.1x come to mind.

Thanks,
Brian Desmond
[email protected]
w - 312.625.1438 | c - 312.731.3132

From: Paul Hutchings [mailto:[email protected]]
Sent: Monday, September 19, 2011 12:26 PM
To: NT System Admin Issues
Subject: Best way to restrict access to file server?

I think there are a few ways to skin this cat so I'm throwing it open for any views on the pros and cons of each.

An office, network ports are wall mounted and all go back to a central comms cupboard.

In the office are two groups of people. The two groups need an area where they can store/share files, but whilst one group has access to the regular LAN, one group is untrusted so we want them as far away from the regular LAN as possible.

How would you do it?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
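
The dual-NIC layout suggested in the first reply (no default gateway on the untrusted NIC, Private firewall profile, SMB only) can be checked with a short audit script. This is an added example, not part of the thread; it assumes Windows Server 2012 or later, where the NetTCPIP and NetSecurity cmdlets exist, and `Untrusted` is a placeholder interface alias.

```powershell
# Added example, not from the thread. Assumes Windows Server 2012 or later
# and an elevated session. 'Untrusted' is a placeholder interface alias
# for the NIC on the untrusted users VLAN.
param([string]$Alias = 'Untrusted')

$findings = @()

# The untrusted NIC must not carry a default route (no default gateway).
$defaultRoutes = Get-NetRoute -InterfaceAlias $Alias -ErrorAction SilentlyContinue |
    Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '::/0' }
foreach ($route in $defaultRoutes) {
    $findings += "Default route via $($route.NextHop) on $Alias"
}

# The thread places this NIC in the Private firewall profile.
$category = (Get-NetConnectionProfile -InterfaceAlias $Alias).NetworkCategory
if ("$category" -ne 'Private') {
    $findings += "Network category is '$category', expected 'Private'"
}

# Every enabled inbound allow rule that applies to the Private profile
# should be TCP/445 (SMB) and nothing else.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { "$($_.Profile)" -match 'Any|Private' }
foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $localPorts = @($port.LocalPort)
    $isSmbOnly = ($port.Protocol -eq 'TCP') -and
                 ($localPorts.Count -eq 1) -and ($localPorts[0] -eq '445')
    if (-not $isSmbOnly) {
        $findings += "Extra inbound rule '$($rule.DisplayName)': " +
                     "$($port.Protocol)/$($localPorts -join ',')"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "$($Alias): no default gateway, Private profile, SMB only"
}
```

The rule check covers the local firewall store only and does not evaluate rules scoped to specific interfaces or rules delivered by Group Policy.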
