Saturday, August 8, 2020

How to make a computer have 0 outbound connections and only a few (at most) inbound

Forgive me if this isn't the right place to post.

I would like to figure out the easiest way to set up a computer (generic, could be any platform) in such a way that it can't access the internet and can't access any other computers on the network but can be accessed by only a few other computers.

We're using Cisco AMP, which has a nifty feature called "endpoint isolation" in the event it becomes infected. This will effectively close any and all network ports so traffic can't get in or out. We can configure isolation so that it can see a single IP (or range, I suppose). So before we start playing around with this feature, we want to make sure we can still get to it in some way to investigate/turn off isolation. Thus the computer above. So the infected computer will be able to see it, but it can't do anything. I (and a few others) can see it, so we can use it to access the infected endpoint.


