Difference between revisions of "User:Pgmurphy/SecureVLANs"
(→Issues) |
(→Issues) |
||
| Line 27: | Line 27: | ||
-A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT | -A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT | ||
-A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT | -A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT | ||
| + | |||
| + | Machines to block: | ||
| + | * GRENDEL1 | ||
| + | * GRENDEL2 | ||
| + | * GRENDEL3 | ||
| + | * GRENDEL4 | ||
| + | * GRENDEL5 | ||
| + | * GRENDEL6 | ||
| + | * EVENFLOW | ||
| + | * GARDEN | ||
| + | * OCEANS | ||
| + | * ONCE | ||
| + | * CI11 | ||
| + | * SLIPSTREAM | ||
| + | * PG-SERVER | ||
| + | * CESR-BLADE1 | ||
| + | * CESR-BLADE2 | ||
| + | * CESR-BLADE3 | ||
| + | * CESR-BLADE4 | ||
| + | * BEHEMOTH | ||
| + | * CLAYMORE | ||
| + | * GLADIUS | ||
| + | * HEADMASTER | ||
| + | * RAPIER | ||
| + | * SABRE | ||
| + | * BRUBECK | ||
| + | * EPEE | ||
| + | * SRV | ||
| + | * YOYO1 | ||
| + | * YOYO2 | ||
| + | * YOYO3 | ||
| + | * YOYO4 | ||
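Review bot: the added heading "Machines to block:" does not say whether these are the hosts that get the OUTPUT REJECT rules installed or hosts that are themselves to be blocked. Since the rules directly above it are OUTPUT rules, a heading such as "Machines that need these rules:" would remove the ambiguity. In the context lines above the addition, -d 172.26.1.128/25 lies entirely inside -d 172.26.1.0/24, so either the second rule is redundant or one of the two prefixes is a typo worth checking before the list is acted on.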
Revision as of 15:37, 13 December 2006
Private VLANs created for:
- Cameras
- PERYTON
- GRIFFIN
- Printers
- ECEPRINT
- SENTINEL
- OM
- LightsOut Management cards
- All Managed Servers
Setup
Allow the 172 VLANs to communicate (in/out) only with:
- 152.14.98.x
- 152.1.51.x
Issues
Issues to address:
- Research machines in the server rooms
- Remote access machines in the server rooms
Solution:
- Configure the firewalls on these machines to block access to 172 ranges.
    -A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT
    -A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT
    -A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT
    -A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT
Machines to block:
- GRENDEL1
- GRENDEL2
- GRENDEL3
- GRENDEL4
- GRENDEL5
- GRENDEL6
- EVENFLOW
- GARDEN
- OCEANS
- ONCE
- CI11
- SLIPSTREAM
- PG-SERVER
- CESR-BLADE1
- CESR-BLADE2
- CESR-BLADE3
- CESR-BLADE4
- BEHEMOTH
- CLAYMORE
- GLADIUS
- HEADMASTER
- RAPIER
- SABRE
- BRUBECK
- EPEE
- SRV
- YOYO1
- YOYO2
- YOYO3
- YOYO4
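An added example, not part of the original wiki page: a small audit of the four REJECT rules above that finds rules already covered by another rule and checks which destinations the set actually blocks. The function names and the sample destination addresses are constructed for illustration, and the parser assumes simple flag/value rules like the ones on this page.

```python
import ipaddress
import shlex

# The four rules from this page, in iptables-save syntax.
RULES = """\
-A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT
-A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT
-A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT
-A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT
"""


def parse_reject_destinations(text, chain="OUTPUT"):
    """Return the destination network of every REJECT rule appended to `chain`."""
    nets = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # flag/value pairs: -p, -d, -j
        if opts.get("-j") == "REJECT" and "-d" in opts:
            # strict=True raises ValueError on a prefix with host bits set,
            # which catches typos such as 172.25.0.128/24.
            nets.append(ipaddress.ip_network(opts["-d"], strict=True))
    return nets


def redundant_rules(nets):
    """Pairs (inner, outer) where `inner` is fully covered by another rule."""
    return [(a, b) for a in nets for b in nets if a != b and a.subnet_of(b)]


def is_rejected(nets, address):
    """True if outbound traffic to `address` matches any REJECT rule."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    nets = parse_reject_destinations(RULES)
    for inner, outer in redundant_rules(nets):
        print(f"redundant: {inner} is inside {outer}")
    print("effective ranges:", list(ipaddress.collapse_addresses(nets)))
    # Constructed sample destinations, one per case worth checking.
    for dst in ("172.26.1.200", "172.25.0.10", "152.14.98.5"):
        print(dst, "REJECT" if is_rejected(nets, dst) else "not matched")
```

The collapsed output shows that the rules cover 172.26.0.0/23 and only the upper half of 172.25.0.0/24, so an address such as 172.25.0.10 is not matched by any of them.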