Secure Network Design

Viewing 5 reply threads
  • Author
    • #5897


      For those of you that design networks or suggest designs do you still feel that layer firewalls (from different vendors) is still a valuable part of defensive in depth? From your experience, do companies tend to use this in the SMB enterprises?

      Just want to get someone else’s perspective. I am submitting a proposal for our new network design on Wednesday and the other guy and I have some very, very different opinions.


    • #36948

      I work for a medium sized business and we use several firewalls both on the edge and to segment internal networks.

    • #36949

      Personally, as long as you are using a “good” firewall (easy to administer, secure, works for you), then I would not go with a different vendor if the same group will be administering a lot of other equipment as well.  I do not think the overhead is worthwhile, and particularly not so if you use firewall management software from the same vendors (logging, configuration management, etc.).

    • #36950

      It’s not just the firewall that you would use to segment things.

      Personally, I’d firewall the network connection to the internet and DMZ. Internally, I’d use vlans and access lists to limit exposure.

    • #36951

      Oh we will be using vlans in our new design. I personally feel like since I am the one who will be handling the firewall admin work, I should stick with one vendor and expertly configure it and use a solid IDS implementation to pick up the slack.

      I think I might post my idea for the new network design later.

    • #36952

      Rather than an IDS, would you not perhaps consider a IPS or IDPS?

      You may already have that in mind, but you know those acroynms, often confusion can creep in.

      Sometimes the kind of thing that can cause a configuration issue by misunderstanding or lack of procedures (or lack of following of procedure)

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?