Going through the search phrases again, I see that a few people have looked up using IAG internally.
Can IAG be used to protect internal systems? Yes, but you have to get your networking principles correct!
Although I have not done this, I understand the principle and I know where this has been deployed.
Imagine you run a datacentre (a proper datacentre, and not a glorified server room!!!) where physical security is as important as network security.
With an IAG server deployed to service a datacentre, you no longer have to give physical access to your datacentre for software installation/configuration/reconfiguration.
So in reception you have a number of PCs which can access the external side of the IAG appliance. The authentication is set up using a one-time password (OTP) solution, so they are only able to access the server this one time. You could also restrict access to the trunk to only the computers in reception.
When they log in, they can either be presented with a portal showing the RDP connections to the servers they look after, or have the RDP session itself as the startup application instead of a portal.
Just remember that you still need two network segments for this to work, as IAG cannot run in a single-NIC setup, as explained previously in this blog.