Networking

Status
Not open for further replies.

MerlinKnight

Computer
May 1, 2003
US
I am in need of splitting 3 PCs and 4 PLCs from a network. They had hooked them up to a corporate network. NOT SECURE.
I can't shut down these systems and change IP addresses. They hook up through a switch before they go to a corporate network.
What I want to do is put a firewall up in between these 2 networks but not have to change their IP addresses. I will need to connect to them from the corporate network using Remote Desktop to connect to the engineering computer.
The question I have is: can a router have the same IP address format on both sides and work correctly? How can I split these systems up and block all computers from connecting to them except through using Remote Desktop and the correct login?
Any help would be greatly appreciated.
Thanks,
Merlin
 

Some routers allow for a variety of security methods, MAC filtering, WEP, etc. Not obvious which side you're trying to protect, but if your switch supports it, you can limit access to the MAC addresses you specify.

This has the effect of appearing to be an open network, but anyone whose MAC address is allowed will get no access.


TTFN

FAQ731-376
 
If your switch is a managed switch, you can place all your PLCs and PCs on a separate VLAN. This way they would be effectively isolated from your corporate network.

If you want to limit traffic types, but still have access to the outside world (i.e., Internet for the PCs), then you will need to firewall the addresses and build a security scope defining which machines and IPs have access to which outbound IPs and TCP/UDP ports. This would be made easier if the PLCs and PCs were on a separate subnet (change the IPs) altogether.
This is also one of the recommended practices from the API Cyber Security Group for industrial automation and control. I do not know the actual document ID, but a quick search on the API website will turn it up.
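
As an added example (not code from any poster in this thread), here is a small Python model of the "security scope" described in the reply above: a first-match, default-deny rule list keyed on host addresses, plus an audit that lists everything in the control group a corporate machine could open. The addresses, the proxy host and the audited port list are constructed assumptions; the thread gives none.

```python
import ipaddress
from itertools import product

ip = ipaddress.ip_address
# Constructed addresses from a documentation range; the thread gives none.
PCS = {ip("192.0.2.200"), ip("192.0.2.201"), ip("192.0.2.202")}   # 3 PCs
PLCS = {ip(f"192.0.2.{n}") for n in range(210, 214)}              # 4 PLCs
ENG_PC = ip("192.0.2.200")   # the engineering computer reached over Remote Desktop
PROXY = ip("192.0.2.10")     # hypothetical outbound web proxy on the corporate side
CONTROL = PCS | PLCS

# (action, source test, destination test, protocol, destination port).
# Hosts are matched by address, not by subnet, because both sides of the
# firewall keep the same address format. First match wins.
RULES = [
    ("allow", lambda a: a not in CONTROL, lambda a: a == ENG_PC, "tcp", 3389),  # RDP in
    ("allow", lambda a: a in PCS, lambda a: a == PROXY, "tcp", 443),            # PCs out
]

def decide(src, dst, proto, dport):
    """Verdict for a NEW connection crossing the firewall; default is deny.
    Return traffic is assumed to be handled by stateful connection tracking."""
    s, d = ip(src), ip(dst)
    for action, src_ok, dst_ok, r_proto, r_port in RULES:
        if src_ok(s) and dst_ok(d) and proto == r_proto and dport == r_port:
            return action
    return "deny"

def inbound_exposure(corporate_src="192.0.2.50", ports=(3389, 445, 502)):
    """Every (host, port) in the control group that a corporate machine can open.
    Audited ports: 3389 RDP, 445 SMB, 502 Modbus/TCP (sample list, an assumption)."""
    return sorted((str(h), p) for h, p in product(CONTROL, ports)
                  if decide(corporate_src, str(h), "tcp", p) == "allow")

if __name__ == "__main__":
    # The scope is correct when the only inbound opening is RDP to the engineering PC.
    print(inbound_exposure())
```

Running the audit after every rule change shows whether an added rule has widened the inbound exposure beyond Remote Desktop to the engineering computer.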
 