Difference between revisions of "User:Pgmurphy/SecureVLANs"

From WolfTech
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
==Details==
 +
* EB2
 +
**VLAN 455
 +
**172.26.0.0/24
 +
**256 IP addresses
 +
* MRC
 +
**VLAN 456
 +
**172.26.1.0/25
 +
**128 IP addresses
 +
* Partners I
 +
**VLAN 457
 +
**172.26.1.128/25
 +
**128 IP addresses
 +
* Poe
 +
**VLAN 275
 +
**172.25.0.128/25
 +
**128 IP addresses
 +
 +
==Purpose==
 
Private VLANS created for:
 
Private VLANS created for:
 
*Cameras  
 
*Cameras  
Line 36: Line 55:
 
* GRENDEL6 -- done!
 
* GRENDEL6 -- done!
 
* EVENFLOW -- done!
 
* EVENFLOW -- done!
* GARDEN --  
+
* GARDEN -- done!
* OCEANS
+
* OCEANS -- done!
* ONCE
+
* ONCE -- done!
* CI11
+
* SLIPSTREAM -- done!
* SLIPSTREAM
+
* CESR-BLADE1 -- done!
* PG-SERVER
+
* CESR-BLADE2 -- done!
* CESR-BLADE1
+
* CESR-BLADE3 -- done!
* CESR-BLADE2
+
* CESR-BLADE4 -- done!
* CESR-BLADE3
 
* CESR-BLADE4
 
* BEHEMOTH
 
* CLAYMORE
 
* GLADIUS
 
* HEADMASTER
 
* RAPIER
 
* SABRE
 
* BRUBECK
 
* EPEE
 
* FALCHION
 
* SRV
 
* YOYO1
 
* YOYO2
 
* YOYO3
 
* YOYO4
 

Latest revision as of 11:08, 12 February 2007

Details

  • EB2
    • VLAN 455
    • 172.26.0.0/24
    • 256 IP addresses
  • MRC
    • VLAN 456
    • 172.26.1.0/25
    • 128 IP addresses
  • Partners I
    • VLAN 457
    • 172.26.1.128/25
    • 128 IP addresses
  • Poe
    • VLAN 275
    • 172.25.0.128/25
    • 128 IP addresses

Purpose

Private VLANS created for:

  • Cameras
    • PERYTON
    • GRIFFIN
  • Printers
    • ECEPRINT
    • SENTINEL
    • OM
  • LightsOut Management cards
    • All Managed Servers

Setup

Allow 172 VLANS to only communicate (in/out) with:

  • 152.14.98.x
  • 152.1.51.x

Issues

Issues to address:

  1. Research machines in the server rooms
  2. Remote access machines in the server rooms

Solution:

  • Configure the firewalls on these machines to block access to 172 ranges.
-A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT
-A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT
-A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT
-A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT

Machines to block:

  • GRENDEL1 -- done!
  • GRENDEL2 -- done!
  • GRENDEL3 -- done!
  • GRENDEL4 -- done!
  • GRENDEL5 -- done!
  • GRENDEL6 -- done!
  • EVENFLOW -- done!
  • GARDEN -- done!
  • OCEANS -- done!
  • ONCE -- done!
  • SLIPSTREAM -- done!
  • CESR-BLADE1 -- done!
  • CESR-BLADE2 -- done!
  • CESR-BLADE3 -- done!
  • CESR-BLADE4 -- done!