-
July 3rd, 2005, 10:44 AM
#1
Member
network layout and security
Hey everyone,
I'm trying to have a better vision on network security, and creating a topology sounds like the best thing to do. Attached is a layout of a network I recreated. I know there is not much detail, but I think there is enough to go on for now.
I was wondering if you can give me your opinion on what this network needs to make it more secure (multiple firewalls, IDS, etc.)...
Thanks
-
July 3rd, 2005, 11:28 AM
#2
On your Network Layout Scenario what is that directly below the Internet cloud? I'm assuming a router? Perhaps a switch? IDS sensor? Also, what is that to the left of the firewall?
I wouldn't recommend multiple firewalls on the same system.
I was wondering if you can give me your opinion on what this network needs to make it more secure (multiple firewalls, IDS, etc)....
Encryption, IPS system, IDS system, Strong Passwords etc...
Shouldn't the DMZ traffic be filtered by the firewall? Poor Network architecture = network being breached.
-
July 3rd, 2005, 11:49 AM
#3
Member
Right under the cloud is a router, and you are right, the DMZ would be connected straight to the firewall. Will change now.
-
July 3rd, 2005, 12:35 PM
#4
Secure
Hey,
If you're interested in setting up a secure network, I recommend reading through Cisco's SAFE whitepapers.... LINK
It's Cisco's recommendation on how to set up a SAFE network (of course with their equipment, but you'll get the idea).
Just thought to mention it... it's an interesting read.
Ch33rz,
C.
Back when I was a boy, we carved our own IC's out of wood.
-
July 3rd, 2005, 02:59 PM
#5
Be careful with that wireless access point.
Unless you're setting up a strong authentication / encryption scheme like WPA with RADIUS (and even then), it should live in a separate (DMZ-like) segment on the firewall.
Also, depending on your resources ($), you might want to consider setting up VLANs and using a layer 3 switch (or VLAN-capable switch and a router) on the internal network to separate your servers/ops/dev/lab zones into different segments, which you can then set up some basic ACLs on the router for....
If you want to do IDS, make sure that your switches support mirroring (aka port spanning, port monitoring), ideally multiple port or vlan to one port.
Ammo
Credit travels up, blame travels down -- The Boss
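The two structural points raised in this thread, that the DMZ must be filtered by the firewall rather than hang off the internal switch (#2), and that wireless and the internal servers/ops/dev/lab zones belong in separate segments with ACLs between them (#5), come down to one zone-based, default-deny policy. The following Python script is an added example written for this page; it is not code from any poster, nor from Cisco SAFE. The zone names, address ranges, and the specific ports allowed are assumptions chosen for illustration. It classifies addresses into zones by longest-prefix match, evaluates whether a flow is permitted, lints the policy for rules that would let an untrusted zone (Internet, DMZ, wireless) open connections into an internal VLAN, and renders the result as iptables FORWARD rules for a Linux firewall.

```python
"""Zone-based firewall policy for the topology discussed in the thread.

Zones are: internet, dmz, wireless, and the internal VLANs servers, ops,
dev and lab.  Everything is denied unless a rule explicitly allows it.
All addressing below is constructed for this example, not from the post.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed address plan (RFC 5737 / RFC 1918 ranges, not from the original).
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz":      ipaddress.ip_network("192.0.2.0/24"),
    "wireless": ipaddress.ip_network("10.10.0.0/24"),
    "servers":  ipaddress.ip_network("10.1.0.0/24"),
    "ops":      ipaddress.ip_network("10.2.0.0/24"),
    "dev":      ipaddress.ip_network("10.3.0.0/24"),
    "lab":      ipaddress.ip_network("10.4.0.0/24"),
}
INTERNAL = ("servers", "ops", "dev", "lab")
UNTRUSTED = ("internet", "dmz", "wireless")

# Longest prefix first, so 0.0.0.0/0 only catches what no other zone claims.
_ZONE_ORDER = sorted(ZONES.items(), key=lambda kv: kv[1].prefixlen, reverse=True)


def zone_of(ip: str) -> str:
    """Return the zone name that an address belongs to (longest-prefix match)."""
    addr = ipaddress.ip_address(ip)
    for name, net in _ZONE_ORDER:
        if addr in net:
            return name
    raise ValueError(f"{ip} is in no zone")


@dataclass(frozen=True)
class Rule:
    """One permitted flow: src zone may open proto/dport to dst zone."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


# Assumed policy: ports and directions chosen for illustration only.
POLICY: List[Rule] = [
    Rule("internet", "dmz", "tcp", 80),     # published web server
    Rule("internet", "dmz", "tcp", 443),
    Rule("internet", "dmz", "tcp", 25),     # inbound mail relay
    Rule("servers", "dmz", "tcp", 25),      # internal mail hands off to the relay
    Rule("dev", "dmz", "tcp", 443),         # developers push to the DMZ web host
    Rule("ops", "dmz", "tcp", 22),          # ops administers every zone over SSH
    Rule("ops", "servers", "tcp", 22),
    Rule("ops", "dev", "tcp", 22),
    Rule("ops", "lab", "tcp", 22),
    Rule("ops", "wireless", "tcp", 22),
    Rule("wireless", "dmz", "tcp", 3128),   # wireless only reaches a DMZ web proxy
    # Note: no rule lets dmz or wireless initiate into INTERNAL zones.
]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, Optional[Rule]]:
    """Decide a flow: ("allow", matching rule) or ("deny", None)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        # Same segment: the firewall never sees it (one reason to split VLANs).
        return "allow", None
    for rule in POLICY:
        if (rule.src, rule.dst, rule.proto, rule.dport) == (src, dst, proto, dport):
            return "allow", rule
    return "deny", None


def policy_violations(policy: List[Rule]) -> List[Rule]:
    """Rules that would let an untrusted zone open connections into an internal VLAN."""
    return [r for r in policy if r.src in UNTRUSTED and r.dst in INTERNAL]


def to_iptables(policy: List[Rule]) -> List[str]:
    """Render the policy as default-deny FORWARD rules for a Linux firewall.

    In a real deployment bind zones to interfaces (-i/-o) as well as to
    addresses; 0.0.0.0/0 for "internet" is kept here only for readability.
    """
    lines = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in policy:
        lines.append(
            f"iptables -A FORWARD -s {ZONES[r.src]} -d {ZONES[r.dst]} "
            f"-p {r.proto} --dport {r.dport} -m conntrack --ctstate NEW -j ACCEPT"
        )
    return lines


if __name__ == "__main__":
    # Constructed sample flows: Internet, DMZ and wireless trying to reach servers.
    for flow in [("203.0.113.5", "192.0.2.10", "tcp", 443),
                 ("203.0.113.5", "10.1.0.5", "tcp", 443),
                 ("192.0.2.10", "10.1.0.5", "tcp", 1433),
                 ("10.10.0.7", "10.1.0.5", "tcp", 445),
                 ("10.2.0.3", "10.1.0.5", "tcp", 22)]:
        verdict, rule = evaluate(*flow)
        print(f"{zone_of(flow[0]):>9} -> {zone_of(flow[1]):<9} {flow[2]}/{flow[3]}: {verdict}")
    print("violations:", policy_violations(POLICY))
    print("\n".join(to_iptables(POLICY)))
```

Run the lint (`policy_violations`) whenever a rule is added: the mistake the thread warns about, a DMZ host that can reach the internal LAN, shows up as a non-empty list before it ever reaches the firewall.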