Confidential Network

Unanswered Question
Apr 6th, 2009

Is there a way that we could restrict a desktop machine from accessing any other system in the network?

If so, will we be able to implement encrypted communication between the end machines?

rhermes Mon, 04/06/2009 - 11:15

An IPS is not the device you want for this job.

For access restriction you should look at using VLANs; for encrypted communications you should set up a tunnel between the desktop VLAN and the destination VLAN.

clausonna Tue, 04/07/2009 - 11:01

Rhermes is correct; IPS is not the right solution. You want VLANs and ACLs, potentially NAC but that's overkill.

There are 3rd-party products out there that extend this as well, so if (for example) you permit a user to Remote Desktop or VNC from Desktop A to Server B, they're 'locked' into Server B and can't RDP out anywhere from there. I think one solution was called Xceedium.