AussieKlutz Posted October 3, 2009 Posted October 3, 2009 Disregard!! I am doing a computer security assignment, and want to know what you guys think about where i should put the wireless access points. I am treating the wireless as a hostile network and dont know if i should connect it to the access router or the bastion host. It may not matter too much. I am planning routes to seperate the wireless and the internet. Is it more important to protect the wireless from the internet, or the network from the wireless. I plan to have wireless devices connect in using VPN Here is the layout: Quote
h3%5kr3w Posted October 3, 2009 Posted October 3, 2009 hmm... Me thinks that is not good. Bad design, no redundancy, and too many problems.. This would work much much betta! Reason why I added the switch between the access point was so that vlan security could be implemented. The router can do a lot of work. You do not seem to have an outbound server farm in it :P. All the clients should have some redundancy, so if a server or switch goes out, it's just one dept. jumping down your throat instead of the whole masses going after you with pitchforks! Also, this way the speed between server to server traffic and client to server traffic can be fully realized, along with trunking implemented. I was NOT going to sit here and configure the whole thing in sudo cli to get all the lights green, so you'll just have to trust me on that :P Quote
K-radical Posted October 3, 2009 Posted October 3, 2009 What programs are you guys using to design those layouts ? Quote
Iain Posted October 3, 2009 Posted October 3, 2009 What programs are you guys using to design those layouts ? I don't know about klutz, but it looks like h3%5kr3w used Cisco's Packet Tracer. Quote
digip Posted October 4, 2009 Posted October 4, 2009 Looks like its missing something though. Where are the firewalls in your layouts? Quote
3w`Sparky Posted October 4, 2009 Posted October 4, 2009 the routers can take care of that one ! Quote
Murkis Posted October 7, 2009 Posted October 7, 2009 What programs are you guys using to design those layouts ? U can use smartdraw. Real simple to use. Windows App so u know. hxxp://www.smartdraw.com Quote
digip Posted October 8, 2009 Posted October 8, 2009 the routers can take care of that one ! I'd rather have stand alone appliances with front ends for configurations vs trying and set up and maintain access lists for everything on a router. Firewalls were designed for a reason and you don't want the overhead on your routers anyway. Basic rules on the router, yes, Im all for that, but for real security, stand alone firewalls would be much better in my opinion. Especially if you wanted to review logs and such or set up IDS, the router is meant to route traffic quickly with basic IP security, not protect all the clients behind it on the network. Quote
h3%5kr3w Posted October 8, 2009 Posted October 8, 2009 I'd rather have stand alone appliances with front ends for configurations vs trying and set up and maintain access lists for everything on a router. Firewalls were designed for a reason and you don't want the overhead on your routers anyway. Basic rules on the router, yes, Im all for that, but for real security, stand alone firewalls would be much better in my opinion. Especially if you wanted to review logs and such or set up IDS, the router is meant to route traffic quickly with basic IP security, not protect all the clients behind it on the network. This is true.. You should definitely have a firewall AND/or appliances from the inbound device going to the router for full security. The reason why I didn't put a firewall in place is because packet tracer does not have that Icon, and the servers only allow for one connection in the program..... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.