[LUNI] Making a private network somewhat public.
Carey Tyler Schug
sqrfolkdnc at comcast.net
Thu Dec 13 19:59:50 CST 2007

The original problem also stated "send reports over the internet".
Doesn't sound like a continuous 24x7 kind of task. Plug the web enabled
computer into the internal network, create and send email, unplug. Or,
connect web enabled computer into internal network (only), create email,
unplug and plug into www (or dial-up) and send email. The exploit would
have to be intelligent enough to work unsupervised and store-and-forward
whatever it did.

Also, if you want it, a 100% security solution. Connect two serial
ports together, with the internal computer configured as an output port
and the web computer configured as input. No amount of hacking on the
web computer can affect the internal network, since it only WRITES to
the connection. This could be custom or some software unknown to me, or
the internal computer could run a terminal emulator (via a script) to
talk to a terminal session on the www, and create a file (in edit) and
"type" the report into that computer, and close the file.

Another 100% solution, more costly, but simpler. Get some kind of
shared storage with two separate connections, one for the web side and
one for the internal side. Write the report to disk from the internal
side, read from web enabled side. This could also be an automated tape
(or writable DVD) library, perhaps more of them have dual porting than
current disk arrays, and might be useful in its own right for backups
(and maybe you already have a tape library?). Here are some examples of
dual port SCSI disk arrays on ebay:
http://cgi.ebay.com/HP-SFS20-Storage-Array-Enclosure-MSA20-with-Dual-Port_W0QQitemZ270196591601QQihZ017QQcategoryZ64072QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
http://cgi.ebay.com/HP-SFS20-Storage-Array-Enclosure-MSA20-with-Dual-Port_W0QQitemZ270196598912QQihZ017QQcategoryZ64072QQssPageNameZWDVWQQrdZ1QQcmdZViewItem

There may be other shared storage solutions, but SAN connected via
Ethernet *MAY* be susceptible to being compromised via commands sent
over Ethernet. I am much more confident that a SCSI connected storage
array cannot be hacked into via SCSI commands, and even if it was, it
could not attack your internal network that only talks to it via a SCSI
interface.

This last could be more general, the www computer could request a
specific report which the internal network would then create for it.
The other solutions tend to imply some fixed set of reports that go out
on some fixed schedule.

--
Carey Tyler Schug
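
The one-way serial link described in the message above has no return path, so the receiving side can never acknowledge a report or ask for a resend. This Python example is added here and is not part of the original post: it frames a report with a sequence number and CRC32, sends every frame several times, and lets the reader resynchronise and discard damaged copies. The frame layout, constants and function names are assumptions, and the link is simulated as an in-memory byte string; on real hardware the same bytes would be written to and read from the serial device.

```python
import struct
import zlib

MAGIC = b"\xa5\x5a"               # frame sync marker (value chosen for this example)
HEADER = struct.Struct(">2sHHH")  # magic, sequence, total chunks, payload length
CHUNK = 64                        # payload bytes per frame
REPEAT = 3                        # no ACK path exists, so each frame is sent 3 times


def encode_report(report: bytes) -> bytes:
    """Internal (write-only) side: turn a report into a redundant frame stream."""
    chunks = [report[i:i + CHUNK] for i in range(0, len(report), CHUNK)] or [b""]
    out = bytearray()
    for seq, chunk in enumerate(chunks):
        body = HEADER.pack(MAGIC, seq, len(chunks), len(chunk)) + chunk
        frame = body + struct.pack(">I", zlib.crc32(body))
        out += frame * REPEAT
    return bytes(out)


def decode_stream(stream: bytes):
    """Web-facing (read-only) side. Returns the report, or None if a chunk is lost."""
    got, total, pos = {}, None, 0
    while (pos := stream.find(MAGIC, pos)) != -1:
        end_hdr = pos + HEADER.size
        if end_hdr > len(stream):
            break
        _, seq, n, length = HEADER.unpack(stream[pos:end_hdr])
        end = end_hdr + length + 4
        body, crc = stream[pos:end - 4], stream[end - 4:end]
        ok = length <= CHUNK and len(crc) == 4
        if ok and struct.unpack(">I", crc)[0] == zlib.crc32(body):
            got.setdefault(seq, body[HEADER.size:])  # first intact copy wins
            total = n
            pos = end                                # skip the accepted frame
        else:
            pos += 1                                 # damaged frame: slide and resync
    if total is None or any(i not in got for i in range(total)):
        return None
    return b"".join(got[i] for i in range(total))


# Constructed sample report, used to exercise the functions above.
REPORT = b"Daily totals 2007-12-13: widgets=42, errors=0\n" * 4
```

A `None` result is the only failure signal the reader gets, so the internal side has to choose `REPEAT` for the expected line quality in advance.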