Security Basics mailing list archives
Network redesign
From: Alex <alex.tsr () gmail com>
Date: Fri, 17 Aug 2007 19:50:31 +0300
Hello list,

The company I work for is going for a major network redesign. We're moving from a single, large and hard to manage network (don't ask why it came to that...) to multiple VLANs. The network consists of about 2000 PCs and 30 servers (including Apaches, Exchange, My- and MS-SQL, terminal services and so on). Since this is gonna be a lot of work to be done (and not gonna be done a second time) we're spending a lot of time in designing.

Now to the point.

* There is the rule of thumb saying "Don't let connections go out of the DMZ", but what about the SQL server that needs to be accessed from a web server in a DMZ? Do we put it in the same DMZ, in another one or maybe in a VLAN in the main network?
* What happens when the boss comes in and says "We need this private web or terminal server in this VLAN to be accessed from the outside"?
* Where is the best place to put our internal network and/or host IDS, security scanner and the like (nothing like that exists right now :/ )?

In a few words, how do we design our VLANs and DMZ for increasing security but maintaining some flexibility too? What would your ideal network be like, concerning these issues?

Any tips, sources and reading material in general are most welcome.

Thanx, in advance.

Cheers,
Alex.