Secure Network Design

Viewing 5 reply threads
  • Author
    Posts
    • #5897
      knwminus
      Participant

      Greetings,

      For those of you that design networks or suggest designs do you still feel that layer firewalls (from different vendors) is still a valuable part of defensive in depth? From your experience, do companies tend to use this in the SMB enterprises?

      Just want to get someone else’s perspective. I am submitting a proposal for our new network design on Wednesday and the other guy and I have some very, very different opinions.

      Thanks,

    • #36948
      rdm
      Participant

      I work for a medium sized business and we use several firewalls both on the edge and to segment internal networks.

    • #36949
      hell_razor
      Participant

      Personally, as long as you are using a “good” firewall (easy to administer, secure, works for you), then I would not go with a different vendor if the same group will be administering a lot of other equipment as well.  I do not think the overhead is worthwhile, and particularly not so if you use firewall management software from the same vendors (logging, configuration management, etc.).

    • #36950
      rattis
      Participant

      It’s not just the firewall that you would use to segment things.

      Personally, I’d firewall the network connection to the internet and DMZ. Internally, I’d use vlans and access lists to limit exposure.

    • #36951
      knwminus
      Participant

      Oh we will be using vlans in our new design. I personally feel like since I am the one who will be handling the firewall admin work, I should stick with one vendor and expertly configure it and use a solid IDS implementation to pick up the slack.

      I think I might post my idea for the new network design later.

    • #36952
      rabray
      Participant

      Rather than an IDS, would you not perhaps consider a IPS or IDPS?

      You may already have that in mind, but you know those acroynms, often confusion can creep in.

      Sometimes the kind of thing that can cause a configuration issue by misunderstanding or lack of procedures (or lack of following of procedure)

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?