Windows – the best way to join an Internet PC to a domain

Tags: file-sharing, networking, security, windows

I need to connect a PC that already has an Internet connection via on-board LAN to a Windows domain. This domain has no Internet connection, because the data is confidential. I need to do this because I need to send some files from this domain to another place (by authorized personnel only).

Currently this is done via modem, but it's too old and slow, and the software that does the task doesn't work on Windows 7. For my boss this is better than connecting the domain to the Internet.

I need to figure out how to connect this computer to the domain network without letting non-authorized users share files between the domain and the Internet.

The restrictions I have are the following:

  • I cannot configure switches
  • I have just one more PCIe network card
  • I cannot change the OS of the Internet PC
  • I cannot use any more computers

I'm thinking of putting a MySQL database on the Internet PC and disabling file sharing on it, and making a system that takes files from that DB and sends them through HTTP POST requests to a PHP web service. I don't know if this could be the best way to do this.

Any ideas? Recommendations? Any other way?

My original idea was to put the PCIe network card in the Internet PC and connect it to the domain's switch, configure some firewall software on it and disable any traffic other than MySQL (from/to the domain), and design a system that receives files from the domain (uploaded to the MySQL DB from some VBA form in the domain) and sends them to the external place via HTTP POST requests. I hope this gives some more clues about what I'm trying to do.

Best Answer

I tried parsing your post, but it is a bit confusing. However, I think that you meant this:

We have computers in a domain with confidential data. For security reasons this domain is not connected to the Internet.

OK. Internet and sensitive data do not combine well. Keeping sensitive data off the net is good.

We need to upload files from this domain to another place.

Currently this is done via a modem, but it is old, slow and the software for this does not work on Windows 7.

This surprises me. Windows 7 does support serial ports. A real modem should just work, and it is a reliable, if slow, but secure solution. The only thing I can come up with is truly ancient software, or a soft-modem. In which case you can replace the fake soft-modem with a real modem.

I need to figure out how to connect the destination computer to the domain network without letting non-authorized users share files between the domain and the Internet.

I cannot configure switches.
I have just one more PCIe network card.
I cannot change the OS of the Internet PC and
I cannot use any more computers.

I am thinking of installing a MySQL database and disabling file sharing on the Internet PC and making a system that takes files from that DB and sends them through POST requests to a PHP web service

This seems a complex way of piercing a hole through your security. If your data is so sensitive that the whole domain needs to be isolated from the Internet, then any method including a permanent connection will compromise that security.

Sit back and consider your main goal: It is either security for the sensitive data, or ease of use. But not both.

Secondly, I am not quite sure what you mean by the database. You want to set it up on the data-receiving PC and not on a computer in the domain? Then how would you take files from the database without a connection? Temporarily set one up via a modem?

but I don't know if this could be the best way to do this. Any idea? Recommendation? Any other way?

The best way is one which involves the least complexity. I doubt that a system with an extra database, PHP and still some sort of complex connection to the Internet is the right one.

Either:

  1. Get a proper modem and do it the old trusted way.
  2. Or encrypt the data, burn the encrypted data to an empty CD-R and ship that via paper mail.
  3. Or use the same method which is currently used by your admin when she updates the software on the domain.