Jump to content

Recommended Posts

Posted

Disregard!!

I am doing a computer security assignment, and want to know what you guys think about where i should put the wireless access points. I am treating the wireless as a hostile network and dont know if i should connect it to the access router or the bastion host. It may not matter too much. I am planning routes to seperate the wireless and the internet. Is it more important to protect the wireless from the internet, or the network from the wireless. I plan to have wireless devices connect in using VPN

Here is the layout:

Layout.JPG

Posted

hmm... Me thinks that is not good. Bad design, no redundancy, and too many problems..

This would work much much betta!

mobettanet.png

Reason why I added the switch between the access point was so that vlan security could be implemented. The router can do a lot of work. You do not seem to have an outbound server farm in it :P. All the clients should have some redundancy, so if a server or switch goes out, it's just one dept. jumping down your throat instead of the whole masses going after you with pitchforks! Also, this way the speed between server to server traffic and client to server traffic can be fully realized, along with trunking implemented. I was NOT going to sit here and configure the whole thing in sudo cli to get all the lights green, so you'll just have to trust me on that :P

Posted
What programs are you guys using to design those layouts ?

I don't know about klutz, but it looks like h3%5kr3w used Cisco's Packet Tracer.

Posted

Looks like its missing something though. Where are the firewalls in your layouts?

Posted
What programs are you guys using to design those layouts ?

U can use smartdraw. Real simple to use. Windows App so u know.

hxxp://www.smartdraw.com

Posted
the routers can take care of that one !

I'd rather have stand alone appliances with front ends for configurations vs trying and set up and maintain access lists for everything on a router. Firewalls were designed for a reason and you don't want the overhead on your routers anyway. Basic rules on the router, yes, Im all for that, but for real security, stand alone firewalls would be much better in my opinion. Especially if you wanted to review logs and such or set up IDS, the router is meant to route traffic quickly with basic IP security, not protect all the clients behind it on the network.

Posted
I'd rather have stand alone appliances with front ends for configurations vs trying and set up and maintain access lists for everything on a router. Firewalls were designed for a reason and you don't want the overhead on your routers anyway. Basic rules on the router, yes, Im all for that, but for real security, stand alone firewalls would be much better in my opinion. Especially if you wanted to review logs and such or set up IDS, the router is meant to route traffic quickly with basic IP security, not protect all the clients behind it on the network.

This is true.. You should definitely have a firewall AND/or appliances from the inbound device going to the router for full security.

The reason why I didn't put a firewall in place is because packet tracer does not have that Icon, and the servers only allow for one connection in the program.....

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...