internet network schema

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    300

    internet network schema

    I have posted various questions regarding this same project (none double up, but all were related to this problem). I am developing a network just for people to browse the internet. I would like to be able to control a few different things:

    1. Web Privileges - However, I would like to give administrators and the CEO full reign of the web.
    2. Email - I would like to be able to monitor the email so that we don't get junk mail and so forth. (I am not sure if this is possible.)
    3. I would like to be able to update all the computers at the same time with new software and licensing information.
    4. I would like to be able to control pop-ups and virus attacks.

    So here is my hardware I have to run this small network.

    1 - FB1000 Firewall
    1 - Router (I have a Linksys and an Adtran; I will most likely be going with the Adtran)
    1 - 24 port switch
    1 - Home Built Computer Running Mandrake 10
    1 - Dell Comp running Windows 2003 server

    Attached is an idea I have; however, I would like to hear from all you guys and learn from your experiences.

    I would like to know the best uses of what I have and what software would be the best to do what I need to do.

    Thanks,

    Adiz
    Ultimately everyone will have their own opinion--this is mine.

    OOOUUUUCH! <throaty sound> That ain't cool baby.</throaty sound> (right before this I had made fun of the 'girl' and she took it out on my balls... Luckily later on they were "taken care of."

  2. #2
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    If you have a domain set up, you can use that to push out updates and that using the utilities built in to your 2k3 server. We use Exchange 2003 server to do the spam protection, while we use McAfee enterprise virus scan to scan everything. As far as web controls go, I don't have experience with that. As far as pop-ups go, you could possibly push out the Google Toolbar through the Windows 2003 server capabilities.
    find / -name "*your_base*" -exec chown us:us {} \; Trust No One. Use Hardened Gentoo
    I HAVE A CATAPULT. UNLESS YOU GIVE ME ALL THE MONEY, I WILL HURL AN ENORMOUS ROCK AT YOUR HEAD

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    That schema is okay, but you really shouldn't be connecting your border router to the switch AND to the firewall. It should be going Internet -> Gateway Router -> Firewall -> Switch. The Linux box is sort of in an odd position. If it's intended as a second firewall, that's kind of redundant given the rest of your design. If it's intended as a server it should be attached to the switch.

    To answer your points about controls:
    1. Squid is an HTTP proxy with the ability to filter out sites you don't want based on a ruleset.

    2. Blocking junk mail can be done with a tool like Spam Assassin. Also, consider alternate mail clients such as Mozilla's, it has built-in junk mail flagging and IME is pretty good. If you need to keep email centralized, you want an IMAP server instead of POP3. The email is stored entirely on the server in IMAP which makes it simpler to back up the entire organization's emails.

    3. Not quite sure what you mean by this, it sounds like more than just applying patches regularly, so please elaborate.

    4. Viruses can be mitigated through the use of an email content scanner, as well as desktop virus scanners on each PC. If you go the Linux route for the email server, Kaspersky offers several packages for servers that can do the email scanning as they come in. I used it for a few years, and it was stable, never really had many problems with false positives, but it did slow down the SMTP process a bit.
    As for desktop virus scanning, all my experience has been with (now) Symantec Anti-Virus Corporate Edition. For network station management, it's fairly well done, though I haven't played with the latest versions.
    As for popups, there is various popup-prevention software; however, I think there are ways to configure Squid to strip out specific JavaScript.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
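
An added example, not part of any post in this thread: a squid.conf fragment for the web-privilege setup discussed above, where administrators and the CEO browse unrestricted and everyone else is filtered by a domain blocklist. The addresses, subnet and blocklist path are assumptions chosen for illustration.

```conf
# Added example squid.conf fragment; all addresses and paths are assumptions.
http_port 3128

# Workstations of the administrators and the CEO (constructed addresses).
acl unrestricted src 192.168.1.10 192.168.1.11 192.168.1.12

# Every other client on the LAN behind the switch (constructed subnet).
acl lan src 192.168.1.0/24

# Blocklist file: one domain per line; a leading dot (".example.com")
# also matches subdomains.
acl blocked_sites dstdomain "/etc/squid/blocked_domains.txt"

# http_access rules are evaluated top to bottom and the first match decides,
# so the unrestricted hosts must be allowed before the blocklist is applied.
http_access allow unrestricted
http_access deny blocked_sites
http_access allow lan
http_access deny all
```

The filter only holds if the firewall permits outbound web traffic from the proxy host alone, so clients cannot bypass Squid. Rules keyed on source address follow the machine rather than the person; Squid's `proxy_auth` ACL type supports per-user rules where that matters.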

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    "you really shouldn't be connecting your border router to the switch AND to the firewall"
    I have switched the way the network is set up. I have put it like:

    Router -> Firewall -> Server -> Switch -> Clients

    I was debating between the two ways and I have found that the configuration I want to use would be easier and more efficient.

    "Not quite sure what you mean by this, it sounds like more than just applying patches regularly, so please elaborate."
    Not only would I like to be able to apply patches but also make changes network wide (i.e. I switch from Norton to McAfee and would like to not have to go to every machine and perform the uninstall and install).

    With the email situation, I have actually been given Exchange server in a bundle for free, so I think I will be using that.

    With the email situation I have actually been given exchange server in a bundle for free so I think I will be using that.

    [new question]
    Some people in the company (including CEO) are stuck on using AOL accounts (even for company use) so I am sorta stuck now on how to deal with that situation. Is there anything I can do to filter that (besides AOL).
    [/new question]

    Thanks,

    - Adiz

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    119
    I'm very familiar with the use of Symantec Antivirus Corporate Edition. It is really easy to manage, and would work very well on your Dell 2K3 server. Ideally, if you have the hardware, you would want to run it separately from other functions. However, here's what I suggest.

    Use the Mandrake to run Squid, your proxy server, and you can restrict it as much as you wish. (Never messed with it but I'm assuming you can)

    Use the Dell server to run your Exchange, and antivirus at the least. If you wanted to restrict your computers down to the utmost, you could use this as a domain controller, and set all kinds of policies restricting what you need. Depending on how large your network is, this might be a lot of hassle and not worth it.

    Now as for the remote installing of software, that's where it gets iffy. Symantec offers a product called Packager, with which you can do remote pushes out on your network, assuming you have the correct rights. You can make a custom package that installs silently and the users would never know about it. When it comes to uninstalling things over the network, I don't know. I'm sure McAfee has some sort of remote installation software as well.

    For the patching of the computers, I've heard wonderful things about Microsoft's SUS server. It's available free from them, and you can pick what updates you want to go to the computers. I don't think it's very demanding, so you may be able to use your Dell server for that, if you wish, but I think it would be best to put it on another machine if possible.

    And lastly for the new question, I've not messed with Squid, so I'm not sure how configurable it is, but if it's anything like the proxy servers I've messed with, they will be able to use it; it just might take some configuration.

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    I appreciate you all taking time for your responses. I have been looking over and over and picking and choosing software and I am about to embark on an all-night, all-tomorrow fiesta of reloading and building a machine real quick. It is gonna be a blast.


    Thanks,

    - Adiz
