
Thread: network layout and security

  1. #1

    network layout and security

    Hey everyone,
    I'm trying to have a better vision on network security, and creating a topology sounds like the best thing to do. Attached is a layout of a network I recreated. I know there is not much detail, but I think there is enough to go on for now.
    I was wondering if you can give me your opinion on what this network needs to make it more secure (multiple firewalls, IDS, etc.)....


  2. #2
    Computernerd22 (AO's MMA Fanatic!)
    Join Date
    Mar 2003
    Miami, FL
    On your Network Layout Scenario what is that directly below the Internet cloud? I'm assuming a router? Perhaps a switch? IDS sensor? Also, what is that to the left of the firewall?

    I wouldn't recommend multiple firewalls on the same system.

    I was wondering if you can give me your opinion on what this network needs to make it more secure (multiple firewalls, IDS, etc)....
    Encryption, IPS system, IDS system, Strong Passwords etc...

    Shouldn't the DMZ traffic be filtered by the firewall? Poor Network architecture = network being breached.

  3. #3
    Right under the cloud is a router, and you are right, the DMZ would be connected straight to the firewall. Will change now.

  4. #4
    Cemetric (Senior Member)
    Join Date
    Oct 2002

    If you're interested in setting up a secure network, I recommend reading through Cisco's SAFE whitepapers.... LINK

    It's Cisco's recommendation on how to set up a SAFE network (of course with their equipment, but you'll get the idea).

    Just thought to mention it... it's an interesting read.


    Back when I was a boy, we carved our own IC's out of wood.

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Be careful with that wireless access point.
    Unless you're setting up a strong authentication / encryption scheme like WPA with RADIUS (and even then), it should live in a separate (DMZ-like) segment on the firewall.

    Also, depending on your resources ($), you might want to consider setting up VLANs and using a layer 3 switch (or a VLAN-capable switch and a router) on the internal network to separate your servers/ops/dev/lab zones into different segments, which you can then set up some basic ACLs on the router for....

    If you want to do IDS, make sure that your switches support mirroring (aka port spanning, port monitoring), ideally multiple port or vlan to one port.

    Credit travels up, blame travels down -- The Boss
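The zoning, inter-VLAN ACLs and port mirroring suggested in the post above, written out as an added configuration example (not from the thread or from Cisco's SAFE papers). It assumes a Catalyst-style IOS layer 3 switch; the VLAN IDs, 10.0.x.0/24 addresses, the permitted port (HTTPS) and the IDS sensor port Gi1/0/48 are constructed for illustration.

```cisco
! One VLAN per zone (constructed IDs); the wireless access point gets its own.
vlan 10
 name SERVERS
vlan 30
 name DEV
vlan 40
 name LAB
vlan 50
 name WLAN
!
! One SVI per zone; the ACL is applied inbound, i.e. to traffic leaving that zone.
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip access-group DEV-IN in
interface Vlan40
 ip address 10.0.40.1 255.255.255.0
 ip access-group LAB-IN in
interface Vlan50
 ip address 10.0.50.1 255.255.255.0
 ip access-group WLAN-IN in
!
! Dev may reach the server zone only on HTTPS (constructed port); anything else
! internal is dropped, everything non-internal goes on toward the firewall.
ip access-list extended DEV-IN
 permit tcp 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255 eq 443
 deny   ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255
 permit ip 10.0.30.0 0.0.0.255 any
!
! Lab hosts reach no other internal zone at all.
ip access-list extended LAB-IN
 deny   ip 10.0.40.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip 10.0.40.0 0.0.0.255 any
!
! Wireless is treated as untrusted: no internal zone, only the path out through the firewall.
ip access-list extended WLAN-IN
 deny   ip 10.0.50.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip 10.0.50.0 0.0.0.255 any
!
! Port mirroring (SPAN): copy the server and wireless VLANs to the IDS sensor port.
monitor session 1 source vlan 10 , 50
monitor session 1 destination interface GigabitEthernet1/0/48
```

Traffic within one VLAN never crosses the SVI, so these ACLs only govern zone-to-zone traffic; the sensor on Gi1/0/48 sees both directions of the mirrored VLANs but cannot transmit on that port.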
