Re: Network Re-design



Hi,
the first is to do a risk analisis, so you will know in what expend your
money and what to do before.
But think about network segmentation, like DMZ, segretation of internal
servers....
There a lot of things to take when designing a network like the one you
have, and if you have any security consultant will be very helpful to do
the right choices.

Anyway this two books are really fantatisc and will help you a lot:
http://www.amazon.com/Inside-Network-Perimeter-Security-2nd/dp/0672327376/ref=pd_bbs_sr_1/104-0184976-6156744?ie=UTF8&s=books&qid=1173257213&sr=8-1
http://www.amazon.com/Information-Security-Risk-Analysis-Second/dp/0849333466/ref=sr_1_1/104-0184976-6156744?ie=UTF8&s=books&qid=1173257282&sr=8-1




El mar, 06-03-2007 a las 20:22 +0100, Ansgar -59cobalt- Wiechers
escribió:
On 2007-03-03 Tornado wrote:
We are in process of redesigning our whole network from security
perspective. We have around 400 workstations with around 20 servers.
These are located between 2 locations and connected with dedicated P2P
link. None of the servers are facing the internet at the moment.But in
the forthcoming months we might have some servers facing the internet.
I wanted to know what are the considerations we need to take when
taking such a crtical activity. Are there any good resources on the
net which help us to get started?

Read a good book.

http://safari.oreilly.com/1565928717

Regards
Ansgar Wiechers



Relevant Pages

  • Re: Network Re-design
    ... We have around 400 workstations with around 20 servers. ... the forthcoming months we might have some servers facing the internet. ...
    (Security-Basics)
  • Network Re-design
    ... We have around 400 workstations with around 20 servers. ... None of the servers are facing the internet at the moment.But in the forthcoming months we might have some servers facing the internet. ...
    (Security-Basics)
  • RE: IIS6 Security and other web servers
    ... IIS6 Security and other web servers ... I know of no Windows architecture that is exposed directly to ... I know of a number of LAMP-type servers that are ... exposed directly to the Internet with no intervening layers. ...
    (Security-Basics)
  • Re: Restrict Dynamic Updates
    ... exposed to the Internet is an inherently bad idea, but am in a position where ... my thought was to leave the clients pointing to the BIND/DNS ... servers to resolve all non-AD queries and redirect them to the AD/DNS servers ... internal DNS server host external public data. ...
    (microsoft.public.windows.server.dns)
  • Re: Windows client - internet connection sharing
    ... or USB port on your FreeBSD box. ... This enables you to set up a 'DMZ' network, ... instance have several servers visible on the Internet. ...
    (freebsd-questions)