Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

restrict internet access to development network

Status
Not open for further replies.
gwu

gwu

MIS
Joined
Dec 18, 2002
Messages
239
Location
US
We are working on a web project where we are required, by the customer, to keep the source code under "lock & key". My boss needs me to come up w/ a solution. His option: keep all source code on a seperate network where employees do not have any Internet acesss. We cant risk giving an employee the ability to upload any of the source code via ftp, email, or http "form upload". Of couce we would have to disable all USB access, floppy drives, cd burners, etc as well. They can have thier internal development web server environment, thats it.

I use iptables on a linux box as the firewall. This is easy to do, but are there any other options as this seems like a drastic approach.
 
Sort by date Sort by votes
If you want to be truly paranoid, the only way to secure the code is to have the development team use media-unavailable workstations on a physically separate network. Media-unavailable workstations prevent anyone from buring the code to a transportable medium. The physically separate network prevents someone from transferring code to a non-secured workstation and sending the code out from there.


Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Exactly, but the media part is no problem. Its is the restricted internet access that i question. I cant imagine working without the internet even if just for moral and inspiration.

so i am guessing by your answer that someone could find a way to upload code via the internet if you allow internet access.

thanks
 
Upvote 0 Downvote
Lock down or remove all ipv4/6 socket access and make sure
that the net devices are configured not to forward any
traffic from the subnet these boxes are on. The end.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

hobbytech
  • Locked
  • Question Question
Internet not connecting
Replies
5
Views
879
Stephen_Hawk
Stephen_Hawk
donald lepariku
  • Locked
  • Question Question
Error: 694, Severity: 24, State: 10 An attempt was made to read logical page '153', virtpage '616' f
Replies
3
Views
847
spamjim
spamjim
kasperelectronics
  • Locked
  • Question Question
Desktop streaming from a server to low power front end device e.g. RasPi
Replies
0
Views
469
kasperelectronics
kasperelectronics
Edwin Reyes
  • Locked
  • Question Question
High CPU utilization Linux Server due to mysql
Replies
1
Views
495
spamjim
spamjim
waydown
  • Locked
  • Question Question
Network card not detected
Replies
1
Views
423
ChrisHirst
ChrisHirst

Part and Inventory Search

Sponsor

Back
Top