Difference between revisions of "User:Pgmurphy/SecureVLANs"

From WolfTech
Revision as of 14:37, 13 December 2006

Private VLANs created for:

  • Cameras
    • PERYTON
    • GRIFFIN
  • Printers
    • ECEPRINT
    • SENTINEL
    • OM
  • Lights-Out Management (LOM) cards
    • All Managed Servers

Setup

Allow the 172 private VLANs to communicate (inbound and outbound) only with:

  • 152.14.98.x
  • 152.1.51.x

Issues

Issues to address:

  1. Research machines in the server rooms
  2. Remote access machines in the server rooms

Both groups sit on the subnets the private VLANs are permitted to reach, so the VLAN restriction alone does not keep them away from the cameras, printers and LOM cards; the hosts themselves have to refuse the traffic.

Solution:

  • Configure the host firewalls on these machines to block access to the 172 private VLAN ranges. The rules below are in iptables-save format and go in the filter table's OUTPUT chain, so they stop the listed servers from initiating traffic to the private VLANs:

  -A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT
  -A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT
  -A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT
  -A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT

  Two things to keep in mind when auditing these: 172.26.1.128/25 lies inside 172.26.1.0/24, so the last rule is redundant (harmless, but a shorter list is easier to check), and OUTPUT rules only match traffic that originates on the server. Packets arriving from a private VLAN address are governed by the server's INPUT chain and by the VLAN restriction above, not by these rules.

Machines to block:

  • GRENDEL1
  • GRENDEL2
  • GRENDEL3
  • GRENDEL4
  • GRENDEL5
  • GRENDEL6
  • EVENFLOW
  • GARDEN
  • OCEANS
  • ONCE
  • CI11
  • SLIPSTREAM
  • PG-SERVER
  • CESR-BLADE1
  • CESR-BLADE2
  • CESR-BLADE3
  • CESR-BLADE4
  • BEHEMOTH
  • CLAYMORE
  • GLADIUS
  • HEADMASTER
  • RAPIER
  • SABRE
  • BRUBECK
  • EPEE
  • SRV
  • YOYO1
  • YOYO2
  • YOYO3
  • YOYO4
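The script below is an added example for this page, not code from the WolfTech wiki; it checks the four blocked ranges for overlap, emits the collapsed rule set for both the OUTPUT and INPUT chains, and models how the VLAN restriction and the host firewall combine. It assumes the 152.14.98.x and 152.1.51.x ranges are /24s, and the address 152.14.98.10 for a firewalled server-room machine is constructed, since the page lists hostnames only.

```python
import ipaddress

# Private VLAN ranges, taken from the page's iptables rules.
PRIVATE_VLANS = [
    "172.25.0.128/25",
    "172.26.0.0/24",
    "172.26.1.0/24",
    "172.26.1.128/25",
]

# Subnets the private VLANs are allowed to talk to. The page writes them as
# 152.14.98.x and 152.1.51.x; treating "x" as a /24 is an assumption.
ALLOWED_NETS = ["152.14.98.0/24", "152.1.51.0/24"]

# Constructed sample: address of one server-room machine that carries the
# host firewall (the page lists hostnames only, not addresses).
FIREWALLED_HOSTS = {"152.14.98.10"}


def redundant_prefixes(cidrs):
    """Return (prefix, covering_prefix) for every rule already covered by a wider one."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    found = []
    for n in nets:
        for m in nets:
            if n != m and n.subnet_of(m):
                found.append((str(n), str(m)))
                break
    return found


def collapsed(cidrs):
    """Minimal prefix list: drop subsumed ranges and merge adjacent ones."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def iptables_rules(cidrs, chains=("OUTPUT", "INPUT")):
    """iptables-save lines for the collapsed ranges. OUTPUT matches the
    destination (the server initiating), INPUT matches the source (a private
    VLAN address initiating toward the server); the page only has OUTPUT."""
    lines = []
    for chain in chains:
        flag = "-d" if chain == "OUTPUT" else "-s"
        for c in collapsed(cidrs):
            lines.append(f"-A {chain} -p ALL {flag} {c} -j REJECT")
    return lines


def in_any(ip, cidrs):
    """True if ip falls inside any of the given CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def reachable(src, dst, firewalled=FIREWALLED_HOSTS):
    """Model both layers of the design: the VLAN restriction (a private VLAN
    address may only exchange traffic with ALLOWED_NETS) and the per-host
    firewall on the listed server-room machines, with both chains applied."""
    src_priv, dst_priv = in_any(src, PRIVATE_VLANS), in_any(dst, PRIVATE_VLANS)
    if src_priv or dst_priv:
        other = dst if src_priv else src
        if not in_any(other, ALLOWED_NETS):
            return False            # stopped by the VLAN restriction
    if src in firewalled and dst_priv:
        return False                # host OUTPUT rule
    if dst in firewalled and src_priv:
        return False                # host INPUT rule
    return True


if __name__ == "__main__":
    for pair in redundant_prefixes(PRIVATE_VLANS):
        print("redundant: %s is inside %s" % pair)
    print("\n".join(iptables_rules(PRIVATE_VLANS)))
    print(reachable("152.14.98.10", "172.26.1.200"))   # firewalled server: blocked
    print(reachable("152.14.98.20", "172.26.1.200"))   # allowed subnet, no host rule: reachable
```

The collapsed output is two prefixes (172.25.0.128/25 and 172.26.0.0/23) instead of four, and `reachable` shows the gap the OUTPUT-only rules leave: a private VLAN address can still open a connection toward a server on the permitted subnet unless the matching INPUT rule is present.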