Tech Support Guy banner
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
50 Posts
Discussion Starter · #1 ·
We are a separate entity charity organization; however, we are also a branch of a bigger non-profit organization. Currently the CIO expressed opinions that he wants control over our network which contains 50 workstations and 6 servers. Two of those servers are database servers that contain crucial information. We are concern that if he takes over and moved all those servers to his location, would we increase the probability of being attacked by hackers since it will become a bigger target for hackers? Currently our Internet access and emails are from them, but as far as maintaining all the workstations and servers, that is done in house. We have our own separate firewall that protects all over machines before it goes out to their network and to the Internet. Will anyone give me some reasons to stay separate from their control over our network and machines?

Many thanks for your help. Any suggestion is greatly appreciated!

ljCharlie
 

·
Registered
Joined
·
343 Posts
firstly, if your gateway is through the main company, then the risk of hackers etc. would be no greater, secondly, I assume the gateway has its own firewall, in which case, that is your main level of defence, your firewall is the secondary. Finally, if you are using SDSL, or fast ADSL connections with a fixed IP address, then filesharing can be accomplished using a VPN link with file replication to speed up access to data.
provided you use strong encryption (5DES or better) there is little risk of anyone capturing your data, it would also provide another route for backup (you do back up your data daily don't you ?) The main thing you need to ensure is that password policies are enforced, 7 characters or more including CAPITALS and numbers
Cheers,
10forcash
 

·
Registered
Joined
·
343 Posts
As a possible line of defence, it may be worth suggesting that your servers are used to backup the main site's data and vice -versa, this would give you control over your own data and the main site near-realtime access to your data without sacrificing your autonomy. use a DFS to replicate data across the domains, generally, the maximum lag time for data propagation is 20 minutes
hope this helps
Cheers,
10forcash
 

·
Registered
Joined
·
50 Posts
Discussion Starter · #4 ·
Thank you for the response. We have a T1 line going from our building to the head quarter. We also have our own domain controller; however, our machines' IP address are acquired through their DHCP server. Maybe the risk of either case are the same, how do we justify being separate because we don't want their CIO and staff taking over our database and servers. In a sense, we like to keep their staff off our database as much as possible. So my main question is, how do we justify or reason to have our servers remains separate?

ljCharlie
 

·
Registered
Joined
·
642 Posts
Try this. One of the major staging grounds for distributed denial of service is from the compromised internal networks of charities. This method ensures the confidentiality of the attacker and renders the charity liable for the damage to the attacked network. For this reason many security vendors will secure a charities network for a nominal fee and use it as a case study for customers.

If you are joining two networks together the spectre of sorting out the twin private address spaces can also be used to scare off the proposer. All that outside NAT...brrrrrrrrrr!!!!!!!
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top