Security Basics mailing list archives
RE: Network Design
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Tue, 26 Aug 2003 11:06:35 -0700
CBAC plus extended access-list for CBAC non-support services is a great way to go. However, I think this should be part of layered security approach. At home, I run CBAC plus extended access-list and OpenBSD PF. Regards, Greg DeGennaro Jr., CCNP Security Analyst -----Original Message----- From: Halverson, Chris [mailto:chris.halverson () encana com] Sent: Tuesday, August 26, 2003 8:39 AM To: 'Jeff McClintock'; security-basics () securityfocus com Subject: RE: Network Design Jeff, I personally like the 2600 series of routers from Cisco, gives you a robust firewall/router and allows a lot of configuration. As well as is not overly expensive. They will also scale if your company grows past 50. Make sure you buy the support package, Download the Cisco configurator and you are off to the races... You will find a lot of stuff out there, so make sure to talk to companies in your area, find out their area's of expertise and do get some contractor's in to do the work, ensuring that they document EVERY step they do, as well as passwords to the devices. You will have it up and running quickly and hopefully securely. (Remember price is not always as important as good creditials and references) Chris Halverson Security Administrator EnCana Corporation -----Original Message----- From: Jeff McClintock [mailto:lord_fiery () yahoo com] Sent: Monday, August 25, 2003 1:51 AM To: security-basics () securityfocus com Subject: Network Design Hello, I've been tasked with creating my first ever network. Definitely exciting, but lots of stuff to know :) Given that, I wanted to run this by you guys and get some opinions. I work for a small firm of 20-25 employees that use Windows 2000 and XP exclusively. They are planning to scale to a maximum of 50 people within a year. They have a full T1, and want to have an FTP server, VPN and OWA access. Web hosting is done by their ISP. Does this seem like a pretty secure set up for them: Internet -> Firewall -> (DMZ) FTP/OWA server (DMZ) -> DMZ Firewall -> Corporate LAN (with Exchange, employee machines, etc...) If so, any rec's on firewalls for something like this? Since it's a small firm, price is always an issue. thanks jm --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Network Design Jeff McClintock (Aug 26)
- RE: Network Design David Gillett (Aug 26)
- RE: Network Design Justin F. Knox (Aug 27)
- Re: Network Design Tomas Wolf (Aug 27)
- Re: Network Design pablo gietz (Aug 27)
- <Possible follow-ups>
- RE: Network Design DeGennaro, Gregory (Aug 26)
- Re: Network Design Lee Rich (Aug 26)
- RE: Network Design Halverson, Chris (Aug 26)
- RE: Network Design Smith, Chris (Aug 26)
- Re: Network Design salgak (Aug 26)
- RE: Network Design DeGennaro, Gregory (Aug 26)
- RE: Network Design Cherian M. Palayoor (Aug 26)
- Re: Network Design Chris Berry (Aug 27)