How can I securely share files between two private LANs in the same building - Firewalls


  1. How can I securely share files between two private LANs in the same building

    Our company and another company in the same building need to share
    200mb+ files on a daily basis. We are close enough to run a few cables
    between the LANs but we want to maintain security by limiting access
    to a single file share or 1 share on each network and keep our own
    Internet routers, DHCP servers, running. We each use SOHO routers
    (Linksys & Netgear) with no DMZ ports on them. I was thinking of
    purchasing two more SOHO firewalls and connecting the LAN interface on
    each one to each of our LANs and adding static routes on our current
    routers to route traffic to them. I would then have two options. 1)
    connect the WAN ports to a hub and plug a server into the hub. 2)
    Configure a VPN on each firewall so that any traffic covered by the
    policy will automatically be routed to the other network. I would
    prefer option 1 because it seems to isolate both networks better than
    2. I don't know if any of this will work. I'd appreciate your input.

    thanks
    NH


  2. Re: How can I securely share files between two private LANs in the same building

    BrooklynBadass wrote:
    > Our company and another company in the same building need to share
    > 200mb+ files on a daily basis. We are close enough to run a few cables
    > between the LANs but we want to maintain security by limiting access
    > to a single file share or 1 share on each network and keep our own
    > Internet routers, DHCP servers, running. We each use SOHO routers
    > (Linksys & Netgear) with no DMZ ports on them. I was thinking of
    > purchasing two more SOHO firewalls and connecting the LAN interface on
    > each one to each of our LANs and adding static routes on our current
    > routers to route traffic to them. I would then have two options. 1)
    > connect the WAN ports to a hub and plug a server into the hub. 2)
    > Configure a VPN on each firewall so that any traffic covered by the
    > policy will automatically be routed to the other network. I would
    > prefer option 1 because it seems to isolate both networks better than
    > 2. I don't know if any of this will work. I'd appreciate your input.


    Try something like this:

    Internet --- FW1 --- LAN --- FW2 --- DMZ --- VPN1 === VPN2 --- Other Company

    FW1 is the Firewall/Router for your company's internet access. FW2 is a
    Gateway from your LAN to a DMZ where you place a server hosting the
    shares you want to provide for the other company. VPN1 and VPN2 are VPN
    endpoints establishing a secure connection between your network and the
    other company's network. FW3 is located in your office, FW4 is located
    in the other company's office. That way you don't need to worry about
    someone wiretapping the transmission network between your two companies.

    On FW2 allow connections from LAN to DMZ but deny connections from DMZ
    to LAN (except for established connections of course). Push the data you
    need to share with the other company to the server in the DMZ, and fetch
    data shared by the other company from that server (or from their server
    in their part of the VPN).

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  3. Re: How can I securely share files between two private LANs in the same building

    BrooklynBadass wrote:
    > Our company and another company in the same building need to share
    > 200mb+ files on a daily basis. We are close enough to run a few cables
    > between the LANs but we want to maintain security by limiting access
    > to a single file share or 1 share on each network and keep our own
    > Internet routers, DHCP servers, running. We each use SOHO routers
    > (Linksys & Netgear) with no DMZ ports on them. I was thinking of
    > purchasing two more SOHO firewalls and connecting the LAN interface on
    > each one to each of our LANs and adding static routes on our current
    > routers to route traffic to them. I would then have two options. 1)
    > connect the WAN ports to a hub and plug a server into the hub. 2)
    > Configure a VPN on each firewall so that any traffic covered by the
    > policy will automatically be routed to the other network. I would
    > prefer option 1 because it seems to isolate both networks better than
    > 2. I don't know if any of this will work. I'd appreciate your input.


    Try something like this:

    Internet --- FW1 --- LAN --- FW2 --- DMZ --- VPN1 === VPN2 --- Other Company

    FW1 is the Firewall/Router for your company's internet access. FW2 is a
    Gateway from your LAN to a DMZ where you place a server hosting the
    shares you want to provide for the other company. VPN1 and VPN2 are VPN
    endpoints establishing a secure connection between your network and the
    other company's network. VPN1 is located in your office, VPN2 is located
    in the other company's office. That way you don't need to worry about
    someone wiretapping the transmission network between your two companies.

    On FW2 allow connections from LAN to DMZ but deny connections from DMZ
    to LAN (except for established connections of course). Push the data you
    need to share with the other company to the server in the DMZ, and fetch
    data shared by the other company from that server (or from their server
    in their part of the VPN).

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich
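
Added example, not part of the thread and not written by either poster: the FW2 policy described in the replies above (the LAN may open connections into the DMZ, the DMZ may only answer them), written as an nftables ruleset for a Linux box acting as FW2. The choice of nftables, the interface names, the addresses, the SSH management rule and the narrowing to SMB on TCP 445 are all assumptions.

```nft
#!/usr/sbin/nft -f
# Constructed example for a dedicated FW2 gateway. Every name and address
# below is an assumption; replace them with your own values.
flush ruleset

define LAN_IF  = "eth0"            # assumed: interface facing the company LAN
define DMZ_IF  = "eth1"            # assumed: interface facing the DMZ
define LAN_NET = 192.168.1.0/24    # assumed: company LAN subnet
define DMZ_SRV = 192.168.50.10     # assumed: file server placed in the DMZ

table inet fw2 {
    chain forward {
        # Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # "Except for established connections": let replies to traffic
        # that was already permitted flow back, in either direction.
        ct state established,related accept
        ct state invalid drop

        # LAN -> DMZ: new connections allowed. The post allows all
        # LAN-to-DMZ traffic; this narrows it to SMB on the one file
        # server (assumption) to match the "single file share" goal.
        iifname $LAN_IF oifname $DMZ_IF ip saddr $LAN_NET ip daddr $DMZ_SRV tcp dport 445 ct state new accept

        # DMZ -> LAN: new connections denied. Logged first, because an
        # attempt here means the DMZ server (or the remote side of the
        # VPN) is trying to reach into the LAN.
        iifname $DMZ_IF oifname $LAN_IF ct state new log prefix "fw2-dmz-to-lan " drop
    }

    chain input {
        # Traffic addressed to FW2 itself: management from the LAN only.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        iifname $LAN_IF ip saddr $LAN_NET tcp dport 22 ct state new accept   # assumed: SSH admin
    }
}
```

With this policy both "push" and "fetch" are connections opened from the LAN side, so the DMZ server never needs a route of its own into the LAN; the `fw2-dmz-to-lan` log prefix is the line to alert on.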
