Beameup Posted July 24, 2008 (edited)

Hello,

This is my first discussion post on this website. I did a google search for this answer and I found this site instead. I have experience as a computer tech/webmaster (with moderate small home/office networking skills). I work for OMSCopiers.com (mainly as the website administrator) and I recently have been assigned to research this issue for a client.

Our client has an existing network (Windows based). They share the network with another group (Engineering) within the company. Currently, the network does not restrict one group (Engineering) from seeing the other (Accounting). They were under the impression this issue was previously fixed by their ex-network guys. I would assume changing the subnet mask of one group would do the trick, but....

The accounting department wants to continue seeing the engineering department, and block the engineering department from seeing the accounting department... How do I go about doing this?

We received the OK to research this situation; however, at this point, I am not certain if their Windows 2003 Server or router is running DHCP. I will find out soon, but for now, I am assuming the server is handling DHCP.

Thanks in advance,
Aaron

Edited July 24, 2008 by Beameup
cluberti Posted July 24, 2008

Describe "see" in this sense. If you want network separation/control over different machines on the same network segment, you'll need to do a VLAN on the switch, or perhaps use a firewall if you need finer control.

If by "see" you mean browse, if they're on the same subnet it's not possible without some network controls in place.
eyeball Posted July 24, 2008 (edited)

You could stick a firewall in between the 2 and block ports 137-139 and 445 one way only. That would allow shares only one way to be enumerated.

This is gonna get messy though, do they have only one server?

Edited July 24, 2008 by eyeball
Beameup Posted July 24, 2008 Author (edited)

Thank you for your fast responses. I should have given more detail when composing the message.. sorry.

Both groups can browse computer and printer shares. We (OMS) originally went in the office to repair/configure network printers. While configuring the PC's and Server for network printing, we were able to see the printers from the other network (BTW: We also had admin permissions to alter the printer configurations).

Fortunately, there are two servers; one for accounting, and one for engineering.

I will look more into this firewall idea... I usually use firewalls to open certain ports for external access (such as Remote Desktop, FTP, WWW, and Security Surveillance Ports), but never placed a firewall for inner-office use (never had to). Which Firewall (Preferably inexpensive) would you recommend for such a task?

I will also look into this 'VLAN'.

Thanks,
Aaron

Edited July 24, 2008 by Beameup
eyeball Posted July 24, 2008

Well it sounds to me like blocking ports 67 and 68 would stop DHCP passing through the FW and stopping 137-139 + 445 only one way would stop shares being browsed.

But is this good enough? That's just an idea off the top of my head.
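
Added example, not part of any post above: the one-way block discussed in the thread, written as an nftables ruleset for a Linux box routing between the two groups. The subnets and the table name `office_split` are constructed for illustration, and the rules only take effect once Accounting and Engineering sit on separate subnets or VLANs so that their traffic actually crosses this box.

```nftables
#!/usr/sbin/nft -f
# Constructed addressing (assumption, not from the thread):
#   accounting  = 192.168.10.0/24
#   engineering = 192.168.20.0/24
# Hosts on the same subnet talk to each other directly and never pass
# through this box, so the split into two subnets/VLANs comes first.

define ACCT = 192.168.10.0/24
define ENG  = 192.168.20.0/24

# Create-then-delete lets the file be reloaded without duplicating rules.
table inet office_split
delete table inet office_split

table inet office_split {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Return traffic for sessions that were allowed to start.
        # This is what makes the block one-way: replies to Accounting's
        # own SMB/NetBIOS requests are accepted here even when they
        # arrive on ports 137-139, before the drop rules are reached.
        ct state established,related accept

        # Engineering may not start NetBIOS/SMB sessions toward
        # Accounting (ports 137-139 and 445, as named in the thread).
        ip saddr $ENG ip daddr $ACCT udp dport 137-139 counter drop
        ip saddr $ENG ip daddr $ACCT tcp dport { 137-139, 445 } counter drop

        # Ports 67/68 as suggested in the thread: DHCP is not
        # forwarded from one group's segment to the other.
        udp dport { 67, 68 } counter drop

        # Everything else, including Accounting -> Engineering share
        # and printer access, falls through to the accept policy.
    }
}
```

`nft -c -f <file>` parses the ruleset without applying it, and `nft list table inet office_split` shows the `counter` values, which tell you whether Engineering hosts are still attempting connections.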