I'll preface this with "I know just enough to be dangerous".
I've had a simple network going at work for years using pfSense, nothing fancy at all. pfSense does DHCP and all, firewall, some content filtering (keeping employees off YouTube and such).
I've got a new box that is running some business software that is old and insecure. It's absolute crap. These guys turn off Windows Firewall, turn off antivirus, and lower UAC to nothing to get it to run on Windows 8.1. I'm stuck with it. We need to access this software from a couple of other PCs on our wifi network, but I'm not comfortable with it sitting there pretty unsecured (it seems to me) on the same network as our other machines; one in particular runs our order management software and is full of customer data and card numbers and such. It's encrypted, that database, but still. My dream was to run that software, the new software, and several other network things we use off this one shiny new box I built, since it's huge and fast, but this crappy new software seems to have killed that idea.
I was thinking something like Figure B here, the trihomed DMZ.
http://www.techrepublic.com/article/solutionbase-strengthen-network-defenses-by-using-a-dmz/
Thoughts?