janskey (n00b)
Joined: 13 May 2006, Posts: 74
Posted: Wed Jun 28, 2006 2:30 am, Post subject: Corporate/Enterprise Network Design
Hi Guys,

I need your advice. Currently I'm building a network infrastructure for our company.

* Network Status: [existing]

    ISP --> Cisco Router 2510 --> Wireless LAN [private networks]

* My Plan: actually my plan is to build an FTP server, file and print server, DNS, firewall and other servers for the company.

    ISP
     |
    Cisco Router 2510
     |
    firewall --> Switch --> Servers [I think I'll put public IP servers here]
           '--> Switch --> private networks [using wireless LANs]

I have also heard from my friends about a DMZ. I don't know where to put it or how to set it up. Any advice?

Note: ALL servers are running Gentoo, and the firewall runs FreeBSD.

Thanks a lot!
_________________
janskey
I believe, like Edison, that genius is 95% perspiration and 5% genius.
celestialwizard (Tux's lil' helper)
Joined: 15 Jun 2006, Posts: 81, Location: Brisbane, Australia
Posted: Wed Jun 28, 2006 4:35 am
OK, to begin with, if you have only just heard about a DMZ and also since you don't know where it goes, I'd be telling your employer that you just don't have the skills or knowledge to perform this task, and get someone to do the network design for you.

You may be good enough to fudge through the actual implementation, but that is different from designing it. It's similar to a systems engineer and a systems administrator: a vast difference.
janskey (n00b)
Joined: 13 May 2006, Posts: 74
Posted: Wed Jun 28, 2006 5:38 am
celestialwizard wrote:
> OK, to begin with, if you have only just heard about a DMZ and also since you don't know where it goes, I'd be telling your employer that you just don't have the skills or knowledge to perform this task, and get someone to do the network design for you.
> You may be good enough to fudge through the actual implementation, but that is different from designing it. It's similar to a systems engineer and a systems administrator: a vast difference.

Yeah, right!

That's why I'm asking for your help, so that I can learn from it. Just don't tell me that I would not perform the task. A way to learn is to perform those tasks.
_________________
janskey
I believe, like Edison, that genius is 95% perspiration and 5% genius.
celestialwizard (Tux's lil' helper)
Joined: 15 Jun 2006, Posts: 81, Location: Brisbane, Australia
Posted: Wed Jun 28, 2006 6:07 am
Fair cop.

A good place to start would be the Advanced Networking HOWTO and the netfilter HOWTO. Both can be found at www.tldp.org

Things to think about....

- What services do you need? Who do you need them for?
- Which services are needed inside and outside the organisation?
- Which services needed outside of the organisation are for the entire world and which are for a set of customers?

A follow-on question is why do you need them? "Because XYZ Co has <insert service here>" isn't enough. It needs to provide an actual benefit, especially if you are enabling access to your internal network.

There are a few ways to provide internal services to the outside too.

- VPN
  - IPSec
  - L2TP
  - PPTP
  - SSL
  - other userland-based ones sitting on top of SSH, for example
- DMZ
- Port mapping via NAT

There are also various layouts you can use.

    net --- router --- firewall --- switch --- dmz --- firewall --- internal network

or

    net --- router --- firewall --- switch --- dmz
                                '--- switch --- internal network

Cost is usually the biggest factor in determining network security.

If possible, I'd argue for the two bastion host model (layout one). Although it increases overhead, it minimizes risk in that it is another layer of security. Other things to consider include having different types of firewalls, i.e. iptables + Cisco PIX or Cisco ACS, etc...

You also need to look out for services you wish to offer externally in your DMZ that connect back to your internal network. You want to lock that down as much as possible. VLANs are also useful, especially when splitting up different DMZ services that don't interact with each other.

Again, it all depends on what you want to offer.

VMware ESX (not GSX or Server) may also be useful for hosting your DMZ services, as you can use separation as well as implement VLANs while reducing the number of physical servers required to provide them.
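As an added illustration of the points in the post above (the single-firewall DMZ layout, a default-deny policy, and locking down DMZ services so they cannot initiate connections back into the internal network), here is a small zone-based policy model written for this thread. It is not code from the thread or from any poster, and the addressing (192.0.2.0/24 for the DMZ, 10.10.0.0/16 for the internal LAN), the interface names eth0/eth1/eth2 and the service list (web, FTP, SSH, DNS, matching the original poster's plan) are constructed assumptions. It evaluates sample flows against the policy first-match, audits the policy for any rule that would let a DMZ host open a connection inward, and renders the same policy as iptables FORWARD-chain commands.

```python
"""Zone-based DMZ firewall policy: evaluate, audit, render as iptables.

Added example for this thread, not the poster's configuration. Models the
second layout (one firewall with net, dmz and internal legs). All
addresses, interface names and service ports below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed addressing: TEST-NET-1 for the DMZ, RFC 1918 space for the LAN.
ZONE_NETS = {
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.10.0.0/16"),
}
# Assumed interface names on the firewall, one per leg.
ZONE_IFACE = {"net": "eth0", "dmz": "eth1", "internal": "eth2"}


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything not DMZ or internal is 'net'."""
    ip = ip_address(addr)
    for name, net in ZONE_NETS.items():
        if ip in net:
            return name
    return "net"


@dataclass(frozen=True)
class Rule:
    src: str            # zone name or "any"
    dst: str            # zone name or "any"
    proto: str          # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any port
    action: str         # "ACCEPT" or "DROP"
    comment: str = ""

    def matches(self, src_zone: str, dst_zone: str, proto: str, dport: int) -> bool:
        return (self.src in ("any", src_zone)
                and self.dst in ("any", dst_zone)
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))


# First-match policy. Only NEW connections are matched here; replies are
# handled by the conntrack rule emitted at the top of to_iptables().
POLICY: List[Rule] = [
    Rule("net", "dmz", "tcp", 80, "ACCEPT", "public web"),
    Rule("net", "dmz", "tcp", 443, "ACCEPT", "public web over TLS"),
    Rule("net", "dmz", "tcp", 21, "ACCEPT", "public ftp control channel"),
    Rule("internal", "dmz", "tcp", 22, "ACCEPT", "admin ssh to DMZ hosts"),
    Rule("internal", "dmz", "udp", 53, "ACCEPT", "LAN resolves via DMZ dns"),
    Rule("internal", "net", "any", None, "ACCEPT", "outbound from staff"),
    Rule("dmz", "internal", "any", None, "DROP", "DMZ must not initiate inward"),
    Rule("dmz", "net", "udp", 53, "ACCEPT", "DMZ hosts resolve external names"),
]
DEFAULT_ACTION = "DROP"


def decide(policy: List[Rule], src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Return the verdict for a new connection crossing the firewall."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "NOT-FORWARDED"  # same segment; never reaches the FORWARD chain
    for rule in policy:
        if rule.matches(src_zone, dst_zone, proto, dport):
            return rule.action
    return DEFAULT_ACTION


def dmz_to_internal_allowed(policy: List[Rule]) -> List[Rule]:
    """Audit: rules that would let a compromised DMZ host connect inward."""
    return [r for r in policy
            if r.action == "ACCEPT"
            and r.src in ("any", "dmz")
            and r.dst in ("any", "internal")]


def to_iptables(policy: List[Rule]) -> List[str]:
    """Render the policy as iptables FORWARD-chain commands (default DROP)."""
    lines = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in policy:
        parts = ["iptables -A FORWARD"]
        if r.src != "any":
            parts.append(f"-i {ZONE_IFACE[r.src]}")
        if r.dst != "any":
            parts.append(f"-o {ZONE_IFACE[r.dst]}")
        if r.proto != "any":
            parts.append(f"-p {r.proto}")
        if r.dport is not None:
            parts.append(f"--dport {r.dport}")
        parts.append("-m conntrack --ctstate NEW")
        if r.comment:
            parts.append(f'-m comment --comment "{r.comment}"')
        parts.append(f"-j {r.action}")
        lines.append(" ".join(parts))
    return lines


if __name__ == "__main__":
    print(decide(POLICY, "198.51.100.7", "192.0.2.10", "tcp", 80))   # ACCEPT
    print(decide(POLICY, "192.0.2.10", "10.10.1.5", "tcp", 445))     # DROP
    print("inward-from-DMZ rules:", dmz_to_internal_allowed(POLICY))
    print("\n".join(to_iptables(POLICY)))
```

The audit function is the check worth keeping around: every time a rule is added for a DMZ service that "needs" to reach the LAN (a database, a directory server), it names that rule explicitly so the exception is a conscious decision rather than an accident of rule ordering. If the public FTP server is kept, the FTP data channel needs the nf_conntrack_ftp helper loaded on the firewall so RELATED connections are classified correctly; the ESTABLISHED,RELATED rule above relies on that.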
davascript (l33t)
Joined: 07 Apr 2004, Posts: 618, Location: Pennsylvania
Posted: Tue Dec 25, 2007 2:39 am
janskey wrote:
> celestialwizard wrote:
> > OK, to begin with, if you have only just heard about a DMZ and also since you don't know where it goes, I'd be telling your employer that you just don't have the skills or knowledge to perform this task, and get someone to do the network design for you.
> > You may be good enough to fudge through the actual implementation, but that is different from designing it. It's similar to a systems engineer and a systems administrator: a vast difference.
> Yeah, right!
> That's why I'm asking for your help, so that I can learn from it. Just don't tell me that I would not perform the task. A way to learn is to perform those tasks.

What the heck are you going to do when you're questioned about something you don't know about in a meeting and you make yourself look like an ass?
_________________
Registered Linux User # 451058