Hello -
Forgive me if I sound rude but the questions you ask are very basic. Any
entry level systems/network admin should know this. If you have this many
questions about your own network, my suggestion is to hire a security
consultant to assist you in the initial set up. I would also suggest that
you do some studying on the subject and bring yourself up to speed. Before
the flame mails start, ask yourself how a person with this level of
knowledge was placed in a position like this to manage, implement and secure
a 200 node network? I do realize that we all started at the bottom and have
worked very hard to achieve the level of expertise this list has. I also
realize that this person is asking for help, and without being completely
rude I have given him some solid suggestions. As a security professional I
realize our field is ever changing and ever growing. I do not know the
reasons that this fella came into this position, and in fact I feel bad for
him faced with a task of such critical measure. The frustration alone must
be unbearable. Again to the list and to Ravi I apologize if I may have been
out of line.
Regards
Bill Lavalette
Network Security Administrator
Network Disaster Recovery Systems
Dallas Texas NOC
http://www.ndrs.com
[EMAIL PROTECTED]
PH 817.652.3882
FAX 817.652.3882
-----Original Message-----
From: Ravi Kumar [SMTP:[EMAIL PROTECTED]]
Sent: Monday, April 03, 2000 11:53 PM
To: [EMAIL PROTECTED]
Subject: Network Layout
Hi,
Can anybody help me to design and implement my network?
The following is the basic required functioning:
I have four different groups: Admin, Development, Works(Mail), Works(Chat).
Access rights for these are as follows:
Admin       : Can access the Internet and also access the internal net (LAN).
Development : Cannot access the Internet or the internal net, but sometimes
              requires access to the internal net.
Works(Mail) : Cannot access the Internet but can access the internal net (LAN).
Works(Chat) : Can access the Internet only for browsing and chat, no other
              tasks like ftp, telnet etc., and can also access the internal
              net (LAN).
Hardware Description:
Servers  : Sun 5s, Sun10s.
Router   : Cisco 2621 (2 WAN ports and 2 LAN ports)
Switches : Cisco Enterprise Switch 2912 XL EN
           Cisco 2924
           Cisco 1924
Nodes    : About 200 (PIII m/c)
Internet : International Private Leased Circuit (IPLC) between NY and Jaipur.
Proposed net layout:
Router -> SUN 5S -> EP 2912 XL EN Switch -> SUN10S
|-> 1924 Switch -> Admin
|-> 1924 Switch -> Development
|-> 2924 Switch -> Works(M,c)
|-> 2924 Switch -> Works(M,c)
|-> 2924 Switch -> Works(M,c)
On the Sun 5S we are running the Web and Mail server.
On the Sun 10S we are running our internal database server; the 10S is
accessed only by our software, no external user can access it.
Queries:
What will be the best network address (IP) scheme, with netmask or without
netmask?
Do we require any router to switch the traffic between the different groups
of the internal net (LAN)?
How can I restrict outside-world users from accessing my internal net?
Can I stop an internal user from changing his own IP address?
Is a firewall required? If yes, then which one, and where do I put it, just
next to the router?
Which is the best protection from virus attack?
Is there any software which can help me to check my network traffic,
internal as well as external?
Thanks in advance.
Gunjan Mathur
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]