Secure Network Design

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Mon Dec 20, 2010 6:48 pm

Secure Network Design

Greetings,

For those of you who design networks or suggest designs, do you still feel that layering firewalls (from different vendors) is still a valuable part of defense in depth? From your experience, do companies tend to use this in SMB enterprises?

Just want to get someone else's perspective. I am submitting a proposal for our new network design on Wednesday and the other guy and I have some very, very different opinions.

Thanks,
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S

rdm

Newbie

Posts: 9

Joined: Wed Sep 15, 2010 5:44 pm

Post Mon Dec 20, 2010 8:22 pm

Re: Secure Network Design

I work for a medium-sized business and we use several firewalls, both on the edge and to segment internal networks.
GCIH, GCIA, GSNA, CEH, Security+

hell_razor

Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Tue Dec 21, 2010 9:49 am

Re: Secure Network Design

Personally, as long as you are using a "good" firewall (easy to administer, secure, works for you), then I would not go with a different vendor if the same group will be administering a lot of other equipment as well.  I do not think the overhead is worthwhile, and particularly not so if you use firewall management software from the same vendors (logging, configuration management, etc.).
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Dec 21, 2010 11:26 am

Re: Secure Network Design

It's not just the firewall that you would use to segment things.

Personally, I'd firewall the network connection to the internet and DMZ. Internally, I'd use VLANs and access lists to limit exposure.
OSWP, Sec+

knwminus

Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Tue Dec 21, 2010 1:33 pm

Re: Secure Network Design

Oh, we will be using VLANs in our new design. I personally feel that, since I am the one who will be handling the firewall admin work, I should stick with one vendor and expertly configure it and use a solid IDS implementation to pick up the slack.


I think I might post my idea for the new network design later.
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S

rabray

Newbie

Posts: 38

Joined: Mon Nov 01, 2010 2:41 pm

Post Fri Jan 14, 2011 8:13 pm

Re: Secure Network Design

Rather than an IDS, would you not perhaps consider an IPS or IDPS?

You may already have that in mind, but you know those acronyms; confusion can often creep in.

Sometimes the kind of thing that can cause a configuration issue by misunderstanding or lack of procedures (or lack of following of procedure)
---------------------------------------
CEH, eCPPT, MCT, MCSA, MCDST, A+, Net+

Never been the flamin type.
