Security Basics mailing list archives

Public Domain for private use


From: Raj <rajshas () gmail com>
Date: Fri, 5 Sep 2008 00:50:44 +0530

Hi grp

I was looking for a solution which incorporates a private secured
network connected to the internet cloud. The solution would be
different from a normal intranet connected through a gateway to the
internet, where the main security (against internet intruders) generally
relies on the gateway setup. The system should be able to bifurcate the
public and private traffic and it should have more thrust on security.

At first I thought of a VPN setup (at the network layer) and a (VPN +)
virtualization setup (at the application layer). I presume the flow of
packets from outside to inside is like this:

 internet -> Gateway System (1) -> VPN Tunnel (2) -> End user's OS NIC
(tunnel end) (3) -> to virtual NIC (through OS) -> virtual OS (4) -> user

(1) Gateway system tackling the system/network policies of the org at
the first level.
(2) VPN tunnel between the networking devices, and if possible a
tunnel at the application layer implementing the ACLs for individual
users.
(3) This NIC gets the internal as well as the external packets; not sure
if, using a virtual IP, an intruder can get to the machine OS. Both the
machine IP and the virtual IP are on the same range. Here the security
relies only on the virtual service (correct me if I'm wrong).


Does the hypothetical scenario which I mentioned above fit my
requirements, or are there better solutions?


regards

Raj
