Re: Designing Network Security

[Joachim Schipper <j.schipper () math uu nl>]

On Fri, Jan 06, 2006 at 12:13:58PM +0530, kaushik wrote:
> Hello List,
>
> May be this is not the right list to post. Since we need to protect 
> ourselves from
> crackers, malicious traffic am taking the liberty to post here.
>
> We need to redesign the network. We need to place a web server, mail 
> server , VOIP server within
> the DMZ and also put an IDS in place.
>
> How should one go about designing the same.
>
> Have to concentrate on protecting the Intellectual Property as well 
> since we are a R&D center.
> Will need some good policies for the same.
>
> Can some one direct me to good online resources in the vast sea available.

Webapps tend to be buggy and full of holes. Don't let them any closer to
sensitive data than is absolutely necessary.

Having a separate machine for the public website would go a long way.

VOIP might also cause quite a few problems, but is likely to hold more
sensitive data. Requiring some sort of authentication is a very good
thing here.

                Joachim

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------