
Thread: Network Design Questions

  1. #11
    Junior Member
    Join Date
    Jan 2004
    Posts
    9
    Have you thought about an AS400 to help with security? They are very handy for storage and traffic.

  2. #12
    1) I have to incorporate an IBM mainframe OS OS390 that is being used for legacy ........
    Try WRQ They have some terminal emulation software that may help you.

    2) Second issue is Remote storage and Manipulation of Applications in a Centralised ......
    You will get more bang for the buck if you went with web/http enabled applications and used something like what Neoteris has to offer, they were purchased by Netscreen and have an awesome SSL VPN gateway.

    3) Third issue is to provide the travelling employers remote connectivity to the ......
    Again somebody like Netscreen would handle this challenge. You don't have to redesign your internal applications.

    4) Another important issue is providing internet connectivity to the organisation,.......
    It all depends on what you will be using the internet connectivity for: Web browsing, VPN access, FTP, remote administration? How many users will need internet access? VOIP is something you definitely want to do a little design work on. Bandwidth and QOS are very important pieces when it comes to VOIP. Talk to a VOIP vendor and let them tell you what you need. Video conferencing tends to be a bandwidth hog and will soak up as much bandwidth as you give it. I think a single T-1 will not be enough for your applications.

    5) They are using Frame Relay at the moment with FRAD's, Do you guys think that they
    Do you have a bandwidth problem with the existing Frame? An upgrade is not cost effective unless you can show good ROI. Upgrading bandwidth is hard to show ROI unless you have serious latency issues or some other application that will run on it that can justify the upgrade.

    6) What issues at Client's end should be considered keeping all the scenario in mind?.....
    Make sure your outer network perimeter is guarded (i.e. firewalls, IDS, DMZs, etc.), make sure you have all client computers virus protected and patched. If you have no written policies, then you need to get upper management to back you on getting some written and abide by them.

    7) For remote administration I am looking into Telnet and SSH Servers and I guess it
    Remote administration for what? Each device has its own way of administration. It may be SSH or telnet, or some GUI based admin tool. But I get your point.

    8) Security is something which I really learned from Antionline? I have considered.......
    Antivirus, IDS, HIDS, firewalls, sniffers are a must have in most medium to large businesses. Honeypots are a different story. It looks to me like you have your hands full with getting a network up and running and in place. If it were me, I would spend less time putting some device on my network that specifically invites the hackers in. Read up a little more on Honeypots and see if you in fact would like to use one on your network. I view honeypots as being more of a research tool, and with the projects you are embarking on, when will you have time to administer a honeypot?
    - Boyam


  3. #13
    Why not get some proposals from Novell, Redhat, IBM, etc.? Not only would you get some idea of the price range but you would also get some ideas of how to accomplish your goals. It sounds as if you really need a professional's input since corporate info could be accessed and security is one of the highest considerations. I hope you're not building a network based on what you learn in a forum.

  4. #14
    Senior Member
    Join Date
    Jun 2003
    Posts
    142
    Well R0n1n ..
    I have read your post in detail. Indeed very helpful. My vision is getting better with Mainframes and their terminals. Thank you for that. Now for your related questions, here go my answers.

    Issue no.2 I`m not too clear on what you mean, it seems like you are talking about the use of NAS? Could you elaborate more on this?
    All I wanted was a centralised application server located in Headquarters (which is Malaysia), from where clients (from Malaysia, Singapore, Hong Kong) in other countries can run their applications. And all the manipulation done by clients on the application should be stored centrally at that central application server. I guess I am making myself clear this time.

    .........two factor authentication for the connections, don`t just use a password!
    Can you elaborate a little more on this? What is two factor authentication? It would really add to my knowledge.

    What connectivity you have is going to depend on how much traffic we are talking about, is this a large organization? Do they want to expand their bandwidth over time, in which case T1’s may not be the way to go, there are bigger lines out there T3. OC3 etc… so how much traffic are you actually talking about having?
    Yes, scalability is one of the most important issues and we should consider it. As for connectivity, the applications that are bandwidth hungry include Video Conferencing, maybe VOIP to some extent, and the centralised application server which is supposed to be accessed by many clients in many countries simultaneously (concurrency and coherency issues). My idea is a fractional T3 or OC3 line would be good enough.

    Frame Relay may be fine, again depending on how much traffic, how many users are we talking about? Also Frame relays can provide a decent speed as it can be upgraded.
    Again, all applications that would require more bandwidth are mentioned above. As far as users are concerned, there would be around 400 to 500 LAN users and similarly 100's of WAN clients (accessing centralised application server, video conferencing etc.). What Frame Relay upgradation do you suggest?

    As for security, if this is the early stages of the network then forget about honeypots, and maybe even IDS for now
    Yes, I must admit that the network is already in early development/upgradation phase and may not require honeypots, but won't it be a good idea to deploy Snort?

    DR is a massive area, what are your specific problems?
    I am not going far in DR. But the issues in my mind regarding DR are backup plans on tape drives, hosting it at some other company, making a smart network where alternate solutions can be provided in case of any disaster to provide maximum possible services. Moreover, using RAID 0 and backing up some network equipment in storage would be a good idea. I am further looking into it.

    And thank you for your advice about Mainframes, VPN, SSL, remote administration and client side issues. Thumbs up to you. If you could PM me your email, maybe I could send you the document describing the whole scenario.

    __________________________________________________________________________

    Well swarisd, thank you for your efforts and looking into the problem.. I would love to solve this problem...

    Remote administration for what? Each device has its own way of administration
    Remote administration for in fact the whole network, it can be any server like web server, DNS, DHCP, FTP, Mail server. In fact the purpose of this Telnet/SSH server would be to provide an interface for the system administrator to the configuration interface of these servers and even some network equipment like a switch or a router's IOS.

    If it were me, I would spend less time putting some device on my network that specifically invites the hackers in. Read up a little more on Honeypots and see if you in fact would like to use one on your network. I view honeypots as being more of a research tool, and with the projects you........
    Yes, I do agree with this. I was probably overdoing this. I would look for a strong firewall infrastructure. But won't a Honeypot look good if you want to divert a Cracker's attention towards a loosely configured machine? Your thoughts on this??
    ___________________________________________________________________________

    It sounds as if you really need a professional's input since corporate info could be accessed and security is one of the highest considerations. I hope you're not building a network based on what you learn in a forum.
    Well hard candy, my objective here is to learn a good and secure network design and if I hire someone more professional, the whole aspect of learning would be gone. I hope you are getting me. Moreover, for me this is more like a research oriented project aimed at coming up with a network design proposal, though it won't be that professional. But I'll definitely get to learn something new. And, I am learning something new every day.
    ___________________________________________________________________________

    Thank you all for your replies. You all have been really helpful. I'll certainly look into budgetary and finance issues.
    I am looking further for your advice, suggestions and recommendations.
    Ommy

  5. #15
    Since this is a learning experience, here are some links,
    Smartdraw has a 30 day free trial, is downloadable, and is used for network design diagrams.
    Good network design examples from Lebanon of all places. Cisco has some good design principles, pay attention to the 80/20 rule.

    Microsoft has some good reference material.

    Remember, the best security setups have one Achilles heel: the users. It used to be p2p was opening backdoors but now it's IRC and IM. Also, file downloads of any type can set up trojans, etc. I'm not sure if it would be effective but spyblaster or spyware search and destroy set to run at bootup (and restricted to administrator configuration) would help a lot. We thought we had pretty well secured our network from the blaster worm/virus but someone with a laptop using vpn loaded it into the network. So be pretty careful of vpn, it's handy but does have a cost. Especially overtime when the techs have to scan servers, etc.

  6. #16
    Remote administration for in fact the whole network, it can be any server like web server, DNS, DHCP, FTP, Mail server. In fact the purpose of this Telnet/SSH server would be to provide an interface for the system administrator to the configuration interface of these servers and even some network equipment like a switch or a router's IOS.
    I don't see the need for a go between for devices that use telnet/ssh for administration. I do see a use for a radius/tacacs type solution to authenticate your administrators. As we know, there's nothing secure about Telnet, since everything is in the clear. You may want to rethink what you are doing here and deal with administration on a case by case basis. I can see where you may require SSH over telnet, if the device supports it. As powerful as computers have become now, I don't see a need for a go between box as you describe. I think you will find this out as you go along.
    - Boyam


  7. #17
    Wow how does that whole thing work

  8. #18
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    OK, following on from your comments:

    "All I wanted was a centralised application server located in Headquarters (which is Malaysia), from where clients (from Malaysia, Singapore, Hong Kong) in other countries can run their applications. And all the manipulation done by clients on the application should be stored centrally at that central application server. I guess I am making myself clear this time".

    - How about some kind of terminal server/citrix setup? That way folks all work on your central server. Easy to scale up, easy to manage, and would seem to solve your probs.

    Two factor authentication means that users need two things to access the system - these are commonly split into something you have (e.g. a secureid token), something you know (e.g. password) and something you are (e.g. fingerprint). So maybe users have a password and a secureid token to access your system remotely.

    Yes a fractional T3 or OC3 should meet your bandwidth needs.

    As far as the frame relay network, I`ve seen them operating at decent speeds. Will your users be accessing streaming data, or just the occasional pull down from the server?

    As for security, sure, play around with snort, but concentrate on a good firewall architecture and policies and procedures in place to ensure that all your servers are patched and passwords are strong.

    DR is going to depend on a) how much you can afford b) how critical your data is c) how quick you are going to want to get it, and d) how much you can afford.

    Send me the stuff if you like and I`ll be happy to take a look.
    Quis custodiet ipsos custodes
