Results 1 to 7 of 7

Thread: Will This Work??

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    15

    Question Will This Work??

    Hi everyone,
    I have a small query on networking and wonder anyone could enlighten me on this and if this scenario is possible.
    My box is Win2K Pro which has a net card connected to a broad band service to a secure wesite for downloading data from a government agency. After this data is downloaded it is then copied using a diskette or a cd and is uploaded to our internal central processor for further processing. The internal network is using a different ip add. and the Win2K box is using an ip add as provided by the government agency. In this scenario is it possible to install two net cards in the Win2K box with diff ip addresses??? lets say one user named "External" logs into the system and downloads the data. After that another user "Internal" logs in and then uploads the data into the central processor? The box must then be hooked up to the internal Lan Hub for this.
    Could someone out there, throw me some light on this. Thanks a million in advance
    Regs
    Ffive

  2. #2
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295
    Hi ffive,

    Yes, normally, Win2K Pro does support having 2 separate network cards with different IP addresses. You may need to edit your network configuration to ensure proper routing, but, in theory, you shouldn't even have to, your routers should do that. You would not have to switch users for this (and I don't even know if you could limit a user's access to one network card and not the other, maybe with a separate hardware profile).

    However, before you go down this route, you may want to verify whether the government agency you are dealing with would allow this construction. If they have supplied you with a separate network address, not directly or fully connected to the rest of the big bad world out there, they may not like the idea of you creating this connection.

    Cheers,

    BrainStop
    "To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

  3. #3
    Junior Member
    Join Date
    Jul 2003
    Posts
    2
    Hi
    I suggest the following: Connect the "external" as usual to the "gov agency". After the download is done, just disconnect the network cable, connect to the internal Hub / switch and upload to your "internal processor". with this you will not violate (to my knowledge) and legal binding of your contract. (normally, transfer of data by electronic means will be permitted, provided security precautions are taken care of). For this particular folder, please change the permissions of access to "external" and "internal" users.

    As per the internal connectivity is concerned, you may have to connect a simple proxy machine with two NICs, one having "external" IP address and the other "internal IP". If you think that this is not possible for economic, simple sol etc., you can change the IP address of the machine without rebooting.

    Good luck
    Nadiminti

  4. #4
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    1- I'll say that is your internal network is highly sensitive, you'll introduce a risk by using a XP workstation in the middle of internet/intranet.
    Even if the PC does not have ip forwarding active, an attacker could gain admin access to the PC and use it to bounce into ur network ... (I would not do that...)

    2- Be aware that windows can have just a single default gateway (0.0.0.0). There is no problem by using sveral NICs (I think its up to 4 for many mother boards) but the default gateway will have to be on the internet side. For the internal side you'll have to configure statically your internal routes (it could be aggregated in 1 or 2, I guess!).
    TO configure statics routes on windows use the route add command from the dos prompt.

    ...
    [shadow] SHARING KNOWLEDGE[/shadow]

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    nadiminti that is a good thought, but you are probably still going to void any aggreements doing it that way. Because whenever you connect the box to the "internal" network it could still be compromised and infected. Then whenever it's hooked back up to the "goverment" connection it could then attack that system. You know what I mean, having trojans being spread and what not. Right now you are copying information to a media, than taking it from the current box to the processor. So therefore nothing from the outside is going into the box that's hooked up to the "goverment" connection.

    Yeah I would suggest talking to the goverment agency as they would tell you whether or not they would like their box being connected to any other network. Maybe they would want you to setup a hardware firewall between the system connected to their network and your internal network. But yeah in general your idea will work. It's like setting up an ICS (Internet Connection Service) on a Win2k box to connection a broadband connection to an internal network (which is what it is generally used for).

    Just an added thought...
    ~AciD
    [shadow]There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That\'s why it\'s all about AntiOnline.com!
    [/shadow]

  6. #6
    Junior Member
    Join Date
    Jun 2002
    Posts
    15
    thanks guys, will first of all talk to the govn agencies and work it out with them first. and then will try to do this.
    Thanks again
    Ffive

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    686
    let us know how it goes!
    [shadow]There is no right and wrong, only fun and boring...
    Formatting my server because someone hacked into it sounds pretty boring to me...
    That\'s why it\'s all about AntiOnline.com!
    [/shadow]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •