Difference between revisions of "User:Pgmurphy/SecureVLANs"
(→Issues) |
(→Issues) |
||
Line 40: | Line 40: | ||
* ONCE -- done! | * ONCE -- done! | ||
* CI11 | * CI11 | ||
− | * SLIPSTREAM | + | * SLIPSTREAM -- done! |
− | + | * CESR-BLADE1 -- done! | |
− | * CESR-BLADE1 | + | * CESR-BLADE2 -- done! |
− | * CESR-BLADE2 | + | * CESR-BLADE3 -- done! |
− | * CESR-BLADE3 | + | * CESR-BLADE4 -- done! |
− | * CESR-BLADE4 | ||
* BEHEMOTH | * BEHEMOTH | ||
* CLAYMORE | * CLAYMORE | ||
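Review bot: CI11, between ONCE and SLIPSTREAM, is the only entry in this block still without a "-- done!" marker after the edit, while the five entries around it (SLIPSTREAM and CESR-BLADE1 through CESR-BLADE4) are now marked done; confirm CI11 is genuinely still pending rather than an omission, so the "Machines to block" list stays an accurate record of which hosts have the 172 ranges blocked.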
Line 56: | Line 55: | ||
* FALCHION | * FALCHION | ||
* SRV | * SRV | ||
− | |||
− | |||
− | |||
− |
Revision as of 14:58, 13 December 2006
Private VLANs created for:
- Cameras
- PERYTON
- GRIFFIN
- Printers
- ECEPRINT
- SENTINEL
- OM
- LightsOut Management cards
- All Managed Servers
Setup
Allow the 172 VLANs to communicate (in/out) only with:
- 152.14.98.x
- 152.1.51.x
Issues
Issues to address:
- Research machines in the server rooms
- Remote access machines in the server rooms
Solution:
- Configure the firewalls on these machines to block access to the 172 ranges (iptables OUTPUT rules):
 -A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT
 -A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT
 -A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT
 -A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT
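Hand-typing one REJECT rule per range on every research and remote-access machine is where coverage gaps and redundant rules creep in. The following is an added example, not part of this wiki page: it takes the four destination ranges from the rules above, flags any range already covered by another (on this list 172.26.1.128/25 sits inside 172.26.1.0/24), renders the minimal equivalent rule set, and lets you check whether a given destination would be rejected. The range list is copied from the page; the function names are this example's own.

```python
import ipaddress

# Destination ranges rejected by the OUTPUT rules on this page (copied from
# the rules above; everything else in this script is an added example).
BLOCKED_RANGES = [
    "172.25.0.128/25",
    "172.26.0.0/24",
    "172.26.1.0/24",
    "172.26.1.128/25",
]


def redundant_ranges(ranges):
    """Return ranges fully contained in another listed range.

    A contained range adds a rule but no coverage; on this page's list
    172.26.1.128/25 sits inside 172.26.1.0/24.
    """
    nets = [ipaddress.ip_network(r) for r in ranges]
    return [
        str(n) for n in nets
        if any(n != other and n.subnet_of(other) for other in nets)
    ]


def collapsed_ranges(ranges):
    """Merge overlapping and adjacent ranges into the minimal CIDR set."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def iptables_rules(ranges, chain="OUTPUT"):
    """Render one REJECT rule per collapsed range in iptables-save syntax.

    The rendered set rejects exactly the same destinations as the page's
    four rules, with the two adjacent /24s merged into 172.26.0.0/23.
    """
    return [f"-A {chain} -p ALL -d {r} -j REJECT" for r in collapsed_ranges(ranges)]


def is_blocked(dst, ranges=BLOCKED_RANGES):
    """True if a packet to dst would hit one of the REJECT rules."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(r) for r in ranges)


if __name__ == "__main__":
    for r in redundant_ranges(BLOCKED_RANGES):
        print(f"# redundant: {r}")
    print("\n".join(iptables_rules(BLOCKED_RANGES)))
```

Running the script prints the redundancy warning followed by two rules in the same `-A OUTPUT ... -j REJECT` form used above, which can be pasted into the OUTPUT chain of an iptables-save dump.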
Machines to block:
- GRENDEL1 -- done!
- GRENDEL2 -- done!
- GRENDEL3 -- done!
- GRENDEL4 -- done!
- GRENDEL5 -- done!
- GRENDEL6 -- done!
- EVENFLOW -- done!
- GARDEN -- done!
- OCEANS -- done!
- ONCE -- done!
- CI11
- SLIPSTREAM -- done!
- CESR-BLADE1 -- done!
- CESR-BLADE2 -- done!
- CESR-BLADE3 -- done!
- CESR-BLADE4 -- done!
- BEHEMOTH
- CLAYMORE
- GLADIUS
- HEADMASTER
- RAPIER
- SABRE
- BRUBECK
- EPEE
- FALCHION
- SRV