Currently, the Bass connection to the internet is as follows:
- A workstation is supplied with a static address and
connected to the 3COM switch.
- The 3COM switch is connected to the Bass server
- The Bass server proxies traffic from one network to another
- The Bass servier is connected to one of two switches
in the wiring closet. Depending on which one is its
first connection, the traffic passes through one or two
- The traffic then proceeds to Acceleration's machine
This configuration is not desirable, for several reasons:
The network configuration is incorrect for
the firewall setup that Bass would like implemented. Bass
would like the local network configuration to be a
particular "subnet". Currently, a different subnet is in
use, necessitating a renumber of all computers.
All network configuration is static, so changes
require manually reconfiguring all individual workstations.
If more of the network configuration had been designed
dynamically, the changes necessary for the firewall
install would have been much more simple.
All network traffic must pass through a server
proxy. This makes configuration and addition of new
machines unnecessarily complex.
Additionally, there are large portions of the network which
are poorly understood. It is not likely that this presents
a present security risk, but it could. It definitely
presents a confusing configuration problem.