04-21-2023 09:10 PM
I'm investigating the pros and cons of integrating two separate networks in a single company. Imagine that we have a company with two separate networks. for example internal and internet networks. in the internal network, users can access the company's business applications and in the Internet network users can access the Internet and its related services. I achieved the following results and will be happy if anyone makes it better:
Pros:
Cons:
04-21-2023 11:06 PM - edited 04-22-2023 01:24 AM
@mahditalebi wrote:
for example internal and internet networks. in the internal network, users can access the company's business applications and in the Internet network users can access the Internet and its related services.
Is this some kind of a home assignment?
Because "in the wild", integrating two, separate network does not equate to "internal and internet networks".
What is the difference to, say, a network with for Finance and a network for Corporate?
04-22-2023 02:55 AM
The scenario you proposed dont make too much sense and I would add to the Cons the problem of accessing this two networks at the same time. Because no way you can use one or the other. You should have two PC or transfer PC from one side to the other and this would be also a security risk.
The concept of segregation in networking pass through filtering with firewall or ACL because the usabilility is the reason we create networks in the first place.
04-22-2023 04:34 AM
For security reasons, two networks are separated physically and they should not be connected. All clients have two PCs, one for the internal network and another for the Internet. I know this structure is not standard and that's why I'm trying to convince them to integrate both.
04-22-2023 07:29 PM
@mahditalebi wrote:
For security reasons, two networks are separated physically and they should not be connected.
Uhhhhh ... wut?
Someone had separated two networks due to "security reasons" and now someone wants to interconnect them?
Is either one of the network "air gapped"?
04-22-2023 10:09 PM
>For security reasons, two networks are separated physically and they should not be connected. All clients have two PCs, one for the internal network and another for the Internet. I know this structure is not standard and that's why I'm trying to convince them to integrate both.
If you are operating in the kind of environment I am thinking - it may be that there are factors at play that you have not been told about, and they don't consider that you need to know. Nothing personal, that is just how it works.
04-22-2023 10:02 PM
I have seen several networks like this, mostly in defence, factories and critical control networks. Typically users are given two computers, one connected to each network. Sometimes you will have a "data diode" which allows one-way communication and that is often used for monitoring purposes. These networks are not allowed to share switches, server farms, nothing. I have seen ships implement dual internal networks for critical ship control systems (once again nothing shared between them and no connection to anything else).
I have also seen critical control networks that implement dual disconnected networks where all "host" devices attach to both networks for redundancy.
I have not worked on but I have also heard of networks utilising four sets of separate networks to solve the "Byzantine fault" issue - where you want to be able to recover from a system deliberately injecting or trying to take control of the rest of the systems maliciously (so you are planning ahead how to handle a compromised system with zero impact to operations).
https://en.wikipedia.org/wiki/Byzantine_fault
The reason why those networks are physically separate is for security, to limit damage, and/or limit loss of life. If the internal network is physically air-gapped and nothing is allowed to be plugged in - it should be impossible for data to be exfiltrated or a foreign control system to take it over (at least via the network).
These kind of organisations would never consider the integration of those networks. I would hate to think of what would happen to the person who even proposed the idea.
04-24-2023 08:15 AM
I believe most of your "pros" and your one "con" are debatable, whether they truly are pluses or minuses.
@Philip D'Ath raises the important point that (truly) physically separate networks are often done to enhance "security" as such network do not have a physical interconnection. However, I've often amazed how often "security" is not done well, or how the "security" folk don't fully understand how to provide truly effective security. For example, what security is in place to preclude someone from connecting into either network, or interconnecting them? I.e. just having the two networks, by design, physically independent, alone, doesn't make either network secure. Don't misunderstand, having networks being physically separate can be an important part of an overall security design, but is there such an overall security design? If not, should there be?
If physically separate networks are not truly needed, as part of the security design/architecture, then some of your "pros" are, generally, good reasons why you might want to integrate the two networks.
An integrated single network, can also be pretty secure too, just not quite as the same level as using multiple physical networks, with the same attention to security.
It's possible, the history of these two networks is based on two parts of a company "growing" their own networks for their own usage purposes. If that's the real root reason for there being two physically independent networks, again, some of your "pros" are "pros". However, just as I mentioned "security" folk don't always do security well, same applies to generic network "engineers". I.e. the design "quality" of the two networks might differ, considerably. An integrated network should be as least as good, if not better, than what the two networks now provide. (The latter can be a very big "pro".)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide