Need help on topology design
14 years 3 months ago #35099
by einklienermench
Need help on topology design was created by einklienermench
Hi everyone, I need help choosing the best topology for my soon-coming home network (more like a room network). I got the topology designed, but I need someone who is a professional/expert to verify and/or improve the overall security of the network. I will be using only Cisco devices, as it will help me to practice in the future and they make quality hardware.
Anyway, all I want is a network that will have a NAS drive, 3 IP cameras (paranoid + cautious) and a firewall.
The security of my NAS drive is the utmost priority; the cameras are there to help me see what is happening inside the vault (more like a room with bomb-shelter-thick walls and an industrial-grade door) and sleep better when I'm not home (happens a lot). Money is not an issue, it's the security that is. (Got some people that are not very happy with my work and will go through a great deal of trouble to get to my work.) I will be accessing the drive all the time, so it has to stay available all the time. Hence the UPS drives and hence the security.
Many people said that having a separate firewall, router, and switch is the best setup you can get in terms of security, and other people said exactly the opposite. Please clear up the confusion.
Please advise.
14 years 3 months ago #35108
by Losh
~ Networking :- Just when u think its starting to make sense......... ~
____________________________________________
CCNA, CCNP, CCNA Security, JNCIA, APDS, CISA
Replied by Losh on topic Re: Need help on topology design
You seem to have a keen interest in security, so the setup you have there is just what you need. But I must say that those are just pictures; what matters most is the configuration done on the equipment. Using the configuration, an expert can then tell you if your network is secure or not. Post a config similar to what you will configure on your router, switch and firewall, then we'll know if you're good to go.
However, you seem to have protected yourself from outside attacks; what if someone were to physically access your equipment from your home? Have you thought about that?
14 years 3 months ago #35112
by einklienermench
Replied by einklienermench on topic Passwords, Passwords, passwords.
I got 12 password sets, each different from the others. Each set contains a BIOS password, user login password and admin password; firewall, router, switch and cameras all get different passwords. They vary in length because of the different limitations of programs (example: in the BIOS you can have a password that is a maximum of 8 characters - Award BIOS). Passwords rotate each month; every year gets 12 new sets.
Been doing that for years now; no one can access that. Hell, I can't access that if I'm coming back from a party drunk (48 numbers are still not your ordinary password and hard to remember even when you are sober) (probably a good thing). The NAS drive will get the utmost security: 24 password sets that are, again, rotating each 15 days, and each year new password sets. (I couldn't get the biometric scanner because I won't be there all the time and I don't want anyone to chop my finger off to access it - heartbeat-sensing biometric scanners are VERY expensive.)
Oh, and did I mention the bomb-shelter 3" thick steel door?
In terms of security management I got almost everything covered. I will get a vault to store the passwords inside - coded so only I will understand the code. The vault is a custom-made vault with an RFID chip reader (works on 134 kHz, so I have to get very close to the vault for it to open). The challenge is the logical network security in terms of firewall flaws.
Are there any IOS switches that are 16 ports and are 19" rack standard? Can you recommend a good firewall (again, 19" rack)?
Roman
14 years 3 months ago #35116
by JamieP
Jamie Parks
Network Engineer, UK
Replied by JamieP on topic Re: Need help on topology design
You mentioned you wanted to use Cisco kit so you could practice on it? Which I am guessing means you're not too confident on the setup of this equipment?
Firewalls are not just plug and play; you need to know what you are doing to set them up. So given the lengths you have gone to to protect yourself from internal attack, why don't you get a professional in to configure it for you? The topology looks OK, but as someone else has mentioned, your config is going to be your weakest point if not done correctly.
14 years 3 months ago #35125
by einklienermench
Replied by einklienermench on topic Well yeah
Well yeah, I'm planning to purchase that setup after I get my certification. My instructor is CCNA Security certified, so she will just help me set up the firewall.
Well, if you guys say that the topology is okay then I guess I got what I needed, and thank you all for replying.
BTW: Hardware wise -
Can anyone verify that the following hardware has an IOS CLI interface and is sufficient for the job?
Cisco 2901 Router
Cisco SGE2000 Switch
Also, I can't decide between ASA firewalls and PIX.
Roman
14 years 3 months ago #35131
by JamieP
Jamie Parks
Network Engineer, UK
Replied by JamieP on topic Re: Need help on topology design
A quick Google would show you the answer, you know.
Cisco SGE2000 does not have a CLI; it is web based, as it is classed as a small business express switch. If you want to study for your CCNA, then you are better off avoiding this.
Depending on your budget, I would go for something like the 3560 or 3560G (this way you could get rid of the router, as this is a multilayer switch and could do all your routing for you).
The 2901 does have the IOS on it, so it can be managed from the CLI.
The difference between the ASA and PIX is quite vast. To start with, the PIX is discontinued, but will cost you about 1/4 of the price of an ASA. The ASA is a lot easier to manage, and has a lot more features.
Also, make sure your instructor knows what they are doing. The CCNA Security doesn't actually cover any firewall configuration; that is all done at the CCSP level (that's not to say they won't know what they are doing, but don't make assumptions based on their certifications!!!!!!!)