2 networks at the same time

4 Jul 2009 5:25 PM

SW

Hi,

What are the likely problems and security risks of the following scenario?

PC connected to the LAN using a wired Ethernet connection. Server 2003 AD
domain and ISA prevents using pop, smtp, etc.
A wireless network connection on the same machine connects to the Internet
via another broadband line with no ISA or any similar restrictions, just the
basic firewall.
The user runs the usual apps on the LAN and at the same time connects
remotely to other networks using the wireless connection, and operates an
smtp server using the same.

What is the risk to the LAN?

Thanks in advance
SW

4 Jul 2009 6:33 PM

Meinolf Weber [MVP-DS]

Hello SW,

This will result in problems, because of DNS configuration. The computer
should have one connection, either to the domain with correct ip configuration
or to the internet. With that kind of connection you will see problems logging
on to the domain, even if you maybe have internet access.

And why do you open the computer on one side to the internet and close the
other site complete? Virus,etc can easy go into the computer and then to
the domain network.

In my honest opinion, forget this crappy network setup.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Show quoteHide quote

> Hi,
>
> What are the likely problems and security risks of the following
> scenario?
>
> PC connected to the LAN using a wired Ethernet connection. Server 2003
> AD
> domain and ISA prevents using pop, smtp, etc.
> A wireless network connection on the same machine connects to the
> Internet
> via another broadband line with no ISA or any similar restrictions,
> just the
> basic firewall.
> The user runs the usual apps on the LAN and at the same time connects
> remotely to other networks using the wireless connection, and operates
> an
> smtp server using the same.
> What is the risk to the LAN?
>
> Thanks in advance
> SW

5 Jul 2009 10:00 PM

SW

Show quote Hide quote

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6628ffd8cbcafdd8d535bd@msnews.microsoft.com...
> Hello SW,
>
> This will result in problems, because of DNS configuration. The computer
> should have one connection, either to the domain with correct ip
> configuration or to the internet. With that kind of connection you will
> see problems logging on to the domain, even if you maybe have internet
> access.
>
> And why do you open the computer on one side to the internet and close the
> other site complete? Virus,etc can easy go into the computer and then to
> the domain network.
>
> In my honest opinion, forget this crappy network setup.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hi Meinolf,

I appreciate your honesty, thanks. I too think its a crappy set-up, that's
one reason why I asked for opinions about it. An IT consultant has proposed
it as a way of enabling him to work on our network and at the same time
maintain his email and connect to his other clients.
But what is so different about this setup, and the consultant working
somewhere else and having a VPN to our network?

Thanks for your help,
SW

6 Jul 2009 2:58 AM

Ace Fekay [Microsoft Certified Trainer]

"SW" <anonymousgr***@hotmail.com> wrote in message news:3C9A7848-88AF-4D2E-B51C-E19035150985@microsoft.com...
>
> I appreciate your honesty, thanks. I too think its a crappy set-up, that's
> one reason why I asked for opinions about it. An IT consultant has proposed
> it as a way of enabling him to work on our network and at the same time
> maintain his email and connect to his other clients.
> But what is so different about this setup, and the consultant working
> somewhere else and having a VPN to our network?
>
> Thanks for your help,
> SW

It sounds like you are trying to satisfy the consultant, and not your own network needs. I myself, wouldn't set this up for any consultant. I am a consultant, and when and if I need to connect to my other customers, I try to follow the security restrictions I've set without bypassing them for the most part. Once in awhile I will plug into the DMZ instead of the main network with my laptop, or simply plug in my aircard, and away I go.

Your consultant should be on your side. Don't you pay him for the hours at your place?

Curious, and I hope you don't mind me asking. Do you also pay him/her while he/she's working on his other customers' networks remotely?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among responding engineers, as well as to help others benefit from your resolution.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

6 Jul 2009 5:32 AM

Meinolf Weber [MVP-DS]

Hello SW,

As Ace already stated the consultant has to work with your network rules,
not with his/her wishes. And if you pay him, why should he work for others
remotely?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Show quoteHide quote

> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb6628ffd8cbcafdd8d535bd@msnews.microsoft.com...
>
>> Hello SW,
>>
>> This will result in problems, because of DNS configuration. The
>> computer should have one connection, either to the domain with
>> correct ip configuration or to the internet. With that kind of
>> connection you will see problems logging on to the domain, even if
>> you maybe have internet access.
>>
>> And why do you open the computer on one side to the internet and
>> close the other site complete? Virus,etc can easy go into the
>> computer and then to the domain network.
>>
>> In my honest opinion, forget this crappy network setup.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> Hi Meinolf,
>
> I appreciate your honesty, thanks. I too think its a crappy set-up,
> that's
> one reason why I asked for opinions about it. An IT consultant has
> proposed
> it as a way of enabling him to work on our network and at the same
> time
> maintain his email and connect to his other clients.
> But what is so different about this setup, and the consultant working
> somewhere else and having a VPN to our network?
> Thanks for your help,
> SW

6 Jul 2009 11:39 PM

Leonard Agoado

"SW" <anonymousgr***@hotmail.com> wrote

> An IT consultant has proposed it as a way of enabling him to work on
> our network
> and at the same time maintain his email and connect
> to his other clients.

SW,

Sounds like a wonderful idea, but make sure of the following --

1. The Internet access fee you charge this 'IT consultant' should more
than offset any payment he is asking from you.

2. Any time he spends helping other clients and checking his email
should not be counted against your billable hours.

3. Any charges he makes to these remotely serviced clients should
include a surcharge payable to your company for providing
infrastructural support.

4. This 'IT consultant' should post a sizeable cash bond to offset
future damages and expenses that may result from his leaving your once
secure network butt-open to the wide world.

Regards,

Len Agoado
ago***@msn.com