[LUNI] Making a private network somewhat public.

Richard Reina gatorreina at gmail.com
Sat Dec 15 18:45:33 CST 2007


Carey,

Thank you very much for your reply.  Although your suggestions are somewhat
complicated for me they certainly seem secure.  I really appreciate the
advice.  I will look very closely at these suggestions.

Thanks again.

Richard

On Dec 13, 2007 7:59 PM, Carey Tyler Schug <sqrfolkdnc at comcast.net> wrote:

> The original problem also stated "send reports over the internet".
>
> Doesn't sound like a continuous 24x7 kind of task.  Plug the web enabled
> computer into the internal network, create and send email, unplug.  Or,
> connect web enabled computer into internal network (only), create email,
> unplug and plug into www (or dial-up) and send email.  The exploit would
> have to be intelligent enough to work unsupervised and store-and-forward
> whatever it did.
>
> Also, if you want it, a 100% security solution.  Connect two serial
> ports together, with the internal computer configured as an output port
> and the web computer configured as input.  No amount of hacking on the
> web computer can affect the internal network, since it only WRITES to
> the connection.  This could be custom or some software unknown to me, or
> the internal computer could run a terminal emulator (via a script) to
> talk to a terminal session on the www, and create a file (in edit) and
> "type" the report into that computer, and close the file.
>
> Another 100% solution, more costly, but simpler.   Get some kind of
> shared storage with two separate connections, one for the web side and
> one for the internal side.  Write the report to disk from the internal
> side, read from web enabled side.   This could also be an automated tape
> (or writable DVD) library, perhaps more of them have dual porting than
> current disk arrays, and might be useful in its own right for backups
> (and maybe you already have a tape library?).  Here are some examples of
> dual port SCSI disk arrays on ebay:
>
> http://cgi.ebay.com/HP-SFS20-Storage-Array-Enclosure-MSA20-with-Dual-Port_W0QQitemZ270196591601QQihZ017QQcategoryZ64072QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
>
> http://cgi.ebay.com/HP-SFS20-Storage-Array-Enclosure-MSA20-with-Dual-Port_W0QQitemZ270196598912QQihZ017QQcategoryZ64072QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
>
> There may be other shared storage solutions, but SAN connected via
> Ethernet *MAY* be susceptible to being compromised via commands sent
> over Ethernet.  I am much more confident that a SCSI connected storage
> array cannot be hacked into via SCSI commands, and even if it was, it
> could not attack your internal network that only talks to it via a SCSI
> interface.
>
> This last could be more general, the www computer could request a
> specific report which the internal network would then create for it.
> The other solutions tend to imply some fixed set of reports that go out
> on some fixed schedule.
>
> --
> Carey Tyler Schug
>
> --
> Linux Users Of Northern Illinois - Technical Discussion
> http://luni.org/mailman/listinfo/luni
>
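
On the one-way serial link described in the quoted message, the receiving side cannot acknowledge or ask for a resend, so the sender has to frame and checksum what it writes. The sketch below is an added example, not part of the original thread; the frame layout, marker bytes and function names are assumptions, and the one-way property itself comes from the wiring, not from this code.

```python
import struct
import zlib

MAGIC = b"\xa5\x5a"             # frame marker (assumed value)
HEADER = struct.Struct(">HHH")  # sequence number, total frames, payload length


def encode_report(report: bytes, chunk: int = 64) -> bytes:
    """Internal (write-only) side: split a report into CRC-protected frames."""
    parts = [report[i:i + chunk] for i in range(0, len(report), chunk)] or [b""]
    out = bytearray()
    for seq, payload in enumerate(parts):
        body = HEADER.pack(seq, len(parts), len(payload)) + payload
        out += MAGIC + body + struct.pack(">I", zlib.crc32(body))
    return bytes(out)


def decode_stream(stream: bytes):
    """Web side: return (report or None, list of missing sequence numbers)."""
    frames, total, pos = {}, None, 0
    while (pos := stream.find(MAGIC, pos)) != -1:
        start = pos + len(MAGIC)
        head = stream[start:start + HEADER.size]
        if len(head) < HEADER.size:
            break                    # truncated tail, nothing more to parse
        seq, count, length = HEADER.unpack(head)
        end = start + HEADER.size + length
        body, crc = stream[start:end], stream[end:end + 4]
        if len(crc) == 4 and struct.unpack(">I", crc)[0] == zlib.crc32(body):
            frames[seq], total = body[HEADER.size:], count
            pos = end + 4            # skip past a good frame
        else:
            pos += 1                 # damaged frame: resync on the next marker
    if total is None:
        return None, []
    missing = [s for s in range(total) if s not in frames]
    report = None if missing else b"".join(frames[s] for s in range(total))
    return report, missing
```

Because a damaged frame can only be detected and never re-requested, the receiver reports which sequence numbers are missing so an operator can have the report sent again.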

