Difference between revisions of "User:Pgmurphy/SecureVLANs"
Latest revision as of 11:08, 12 February 2007
Details
- EB2
  - VLAN 455
  - 172.26.0.0/24
  - 256 IP addresses
- MRC
  - VLAN 456
  - 172.26.1.0/25
  - 128 IP addresses
- Partners I
  - VLAN 457
  - 172.26.1.128/25
  - 128 IP addresses
- Poe
  - VLAN 275
  - 172.25.0.128/25
  - 128 IP addresses
Purpose
Private VLANs created for:
- Cameras
  - PERYTON
  - GRIFFIN
- Printers
  - ECEPRINT
  - SENTINEL
  - OM
- LightsOut Management cards
  - All Managed Servers
Setup
Allow the 172 VLANs to communicate (in/out) only with:
- 152.14.98.x
- 152.1.51.x
Issues
Issues to address:
1. Research machines in the server rooms
2. Remote access machines in the server rooms
Solution:
- Configure the firewalls on these machines to block access to 172 ranges.

  -A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT
  -A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT
  -A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT
  -A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT
Machines to block:
- GRENDEL1 -- done!
- GRENDEL2 -- done!
- GRENDEL3 -- done!
- GRENDEL4 -- done!
- GRENDEL5 -- done!
- GRENDEL6 -- done!
- EVENFLOW -- done!
- GARDEN -- done!
- OCEANS -- done!
- ONCE -- done!
- SLIPSTREAM -- done!
- CESR-BLADE1 -- done!
- CESR-BLADE2 -- done!
- CESR-BLADE3 -- done!
- CESR-BLADE4 -- done!