Can I use two NIC cards instead of a switch on company network?

2

I have a Windows 7 PC that is currently connected directly to a gas pump thru a modem, we are upgrading and will soon be needing to connect the new gas pump to a switch that only routes things like NVR's, Alarm panels, Access control panels that have no access to the internet. The PC is joined to our Domain and has access to the internet so I was wondering if I could just install an additional NIC card to the PC to connect to the pump instead of having to run a new cable from the pump to the switch and how I would configure the extra card to connect to the pump without it having access to the internet. Any utility device having internet capabilities is a no no with the IT Dept. Any help with this is appreciated.

Panrider

Posted 2017-12-16T05:01:51.313

Reputation: 21

Question was closed 2017-12-16T18:29:37.853

2I don't think you understand IP networking at all... Plus your PC is an immediate "no no" since it connects to the Internet, by your own requirements. Do the job right the first time, run the cable and properly connect the device, no matter how you try to figure this out, if you company network and "other" network are separate your running a cable anyway so do it correctly the first time. – acejavelin – 2017-12-16T05:22:46.230

Your right acejavelin I know very little about networking that's why I posted here. The PC and pump are now connected with a Cat5 cable but only utilizing only 2 pair for the modem. The switch is quite a distance from the PC and will be moved further in the near future so I'm trying to save myself some work. I was hoping to isolate the pump from internet access by creating a subnet that has no internet access on the second card but maybe that can't be done. Thanks for you response. – Panrider – 2017-12-16T06:01:31.410

Since you are in the Luck of having an IT-Department your best option would be to ask one of them to help you and not here since they know their Network while everyone here can just make good guesses. Also every IT-Team has its own way of how they like things to be connected and configures so any as good meant instruction from here may still be not the correct way in their Eyes – konqui – 2017-12-16T08:19:07.357

Thanks for your response Konqui our IT team definitely has their ways so I may very well have to just run my cable to the switch and experiment later. – Panrider – 2017-12-16T16:02:33.937

Issues specific to corporate IT support and networks are off topic, see On-Topic. Please talk to your IT department.

– DavidPostill – 2017-12-16T18:29:26.253

Answers

4

  • You can put 2 NICs in a PC. 3, 4, as many as you want, really. All major operating systems support this.

  • Each NIC can appear on a different network.

  • One NIC can be configured for DHCP and take the default route given by DHCP, or a default route configured manually - this would typically be your Internet-facing NIC.

  • The other NIC can be configured to not have a default route - this tells your PC that no Internet traffic should be sent to that NIC.

The problem is that if an attacker gains access to your computer through the Internet facing NIC, the attacker can access anything through the other NIC (just like you will be able to by sitting down at the screen), including the gas pump, etc. It's also very easy to configure your system to be a router and allow anything on that second NIC to get Internet.

So if you want the gas pump to 100% guarantee to not have any access to the Internet, this won't work.

The security technique of creating a network that is not connected to the Internet is called air gapping, but inserting a PC that does have a NIC that can reach the Internet closes the air gap.

LawrenceC

Posted 2017-12-16T05:01:51.313

Reputation: 63 487

I do appreciate the technical explanation you've provided and I'll have to run my idea by our IT people to see what they say but as you have explained it might just be a pipe dream and not feasible. – Panrider – 2017-12-16T16:08:25.690

If you want something to not have Internet access for security, then you cannot remote into it via the Internet and still have that same level of security. You have to physically visit the site. – LawrenceC – 2017-12-16T20:01:03.570

1

As others have indicated, adding a NIC is a no-no. It creates a pivot point in your network (if your PC is compromised then it can be used to compromise the pump/alarm).

Running new cable is the best (as in safest, fastest, most reliable) option - but this may be easier said then done, so -

There is another possible (but not good) solution no one else has mentioned - if you don't need more then 100 megabit speeds and are not using power over Ethernet - you could split the Ethernet cables into 2 using cheap appropriate adaptors. Ethernet cables typically have 4 pairs (8 wires) and only requires 2 for 100 megabits. (It's not a product recommendation - but something like https://www.amazon.com/Ethernet-Splitter-Sharing-Connections-Single/dp/B002BVQF5A

Another workaround may (or may not) be to look at using Ethernet over power devices or WIFI for your Internet connection and repurposing the Ethernet cable

It's not clear to me from your question if you need to join Ethernet cables if you use existing wiring, but this is possible using a simple joiner (but not a best practice).

davidgo

Posted 2017-12-16T05:01:51.313

Reputation: 49 152

Asked: 2017-12-16T05:01:51.313

Viewed: 673 times

Active: 2017-12-16T18:43:59.727