1

Let me start by telling you that I'm not very technical, but need to provide someone with some guidance and I was hoping you could assist.

The situation is:

  • Dev and Prod subnets (not sure if they're in different VLANs, but on different subnets)
  • Current in-house developers apparently need access to both prod and dev networks, so completely segregating them may not be an option
  • They now also need to provide access to an offshore dev company to the dev network, but keep prod secure

They have a FW and a Citrix gateway, and were looking to set up VPN access to their network. Any thoughts on how best to approach this?

Kenny Rasschaert
Craig

1 Answer

1

Put development and production in different VLANs, and put a VPN from offshore to your company. Allow inter-VLAN routing from dev to production, allow routing from dev to VPN. Disallow any traffic from offshore to production. Enforce this with a firewall/ACL. Maybe set up an IDS on your VPN to dev.

This is the best I can come up with, as completely segregating these networks is probably not an option for you. The only way to compromise your production would be if somebody from offshore was able to get into a dev machine. So make sure you enforce a firewall policy.

Lucas Kauffman
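A small model of the policy in the answer above, added here as an example and not part of the original answer: it evaluates flows against an ordered, first-match, default-deny ACL and lists the zones through which offshore traffic could still reach production indirectly. The subnets, zone names and function names are constructed for illustration, and stateful return traffic is not modelled.

```python
import ipaddress

# Constructed example subnets (assumptions, not from the original post).
ZONES = {
    "dev": ipaddress.ip_network("10.10.0.0/24"),
    "prod": ipaddress.ip_network("10.20.0.0/24"),
    "offshore_vpn": ipaddress.ip_network("10.99.0.0/24"),
}

# Ordered ACL, first match wins; anything unmatched is dropped.
RULES = [
    ("deny", "offshore_vpn", "prod"),   # offshore must never reach production
    ("allow", "offshore_vpn", "dev"),   # offshore works on dev over the VPN
    ("allow", "dev", "offshore_vpn"),   # routing from dev to the VPN
    ("allow", "dev", "prod"),           # in-house developers need both networks
]

def zone_of(ip):
    """Return the zone name containing ip, or None if it is outside all zones."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def zone_action(src, dst, rules=RULES):
    """First-match lookup for a (source zone, destination zone) pair."""
    for action, rule_src, rule_dst in rules:
        if (rule_src, rule_dst) == (src, dst):
            return action
    return "deny"  # default deny, also covers addresses outside every zone

def decide(src_ip, dst_ip, rules=RULES):
    """Decide a single flow by mapping both addresses to zones."""
    return zone_action(zone_of(src_ip), zone_of(dst_ip), rules)

def pivot_zones(src, dst, rules=RULES):
    """Zones that src may reach and that may themselves reach dst."""
    return sorted(z for z in ZONES if z not in (src, dst)
                  and zone_action(src, z, rules) == "allow"
                  and zone_action(z, dst, rules) == "allow")

if __name__ == "__main__":
    print("offshore -> prod:", decide("10.99.0.7", "10.20.0.5"))
    print("offshore -> dev :", decide("10.99.0.7", "10.10.0.5"))
    print("indirect path via:", pivot_zones("offshore_vpn", "prod"))
```

The `pivot_zones` result names the dev network as the one indirect path, which is why the dev-to-prod rule is worth narrowing to the specific hosts and ports developers need and why the VPN-to-dev segment is the place for the IDS.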