RE: Network Design

["Cherian M. Palayoor" <cpalayoor () cwalkergroup com>]

Chris,

Further to your suggestion of a Cisco 2600 router to be setup as a firewall.

With the kind of memory requirements that the Cisco Firewall IOS image
demands (48 MB for the FW-IDS-3DES), coupled with the cost of licensing the
IOS, wouldnt it make better sense to purchase a Pix for a few hundred bucks
more.

Regards

CP

-----Original Message-----
From: Halverson, Chris [mailto:chris.halverson () encana com]
Sent: Tuesday, August 26, 2003 8:39 AM
To: 'Jeff McClintock'; security-basics () securityfocus com
Subject: RE: Network Design


Jeff, 

I personally like the 2600 series of routers from Cisco, gives you a robust
firewall/router and allows a lot of configuration.  As well as is not overly
expensive.  They will also scale if your company grows past 50.  Make sure
you buy the support package, Download the Cisco configurator and you are off
to the races...  

You will find a lot of stuff out there, so make sure to talk to companies in
your area, find out their area's of expertise and do get some contractor's
in to do the work, ensuring that they document EVERY step they do, as well
as passwords to the devices.  You will have it up and running quickly and
hopefully securely.  (Remember price is not always as important as good
creditials and references)

Chris Halverson
Security Administrator
EnCana Corporation

-----Original Message-----
From: Jeff McClintock [mailto:lord_fiery () yahoo com]
Sent: Monday, August 25, 2003 1:51 AM
To: security-basics () securityfocus com
Subject: Network Design




Hello,



I've been tasked with creating my first ever network.  Definitely 

exciting, but lots of stuff to know :)  Given that, I wanted to run this 

by you guys and get some opinions.  I work for a small firm of 20-25 

employees that use Windows 2000 and XP exclusively.  They are planning to 

scale to a maximum of 50 people within a year.  They have a full T1, and 

want to have an FTP server, VPN and OWA access.  Web hosting is done by 

their ISP.



Does this seem like a pretty secure set up for them:



Internet -> Firewall -> (DMZ) FTP/OWA server (DMZ) -> DMZ Firewall -> 

Corporate LAN (with Exchange, employee machines, etc...)



If so, any rec's on firewalls for something like this?  Since it's a 

small firm, price is always an issue.



thanks

jm

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
----------------------------------------------------------------------------



 Scanned by Webshield E250




 Scanned by Webshield E250



---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------