Hi, I need some advice in designing a secure network. A very rough image is located at http://toganm.tripod.com/projects/network.jpg Everything will be running SuSE Linux with Kernel 2.2.19 except the Terminal Sever which will be 2.4.9.ltsp ( or I will recompile the kernel for that server specifically) So terminals will be thinclients I have 60 (and possibly will be added more) thin clients who will be only using Web and Mail. Web server will be hosting the website updates will be done by cron job running hourly Mail server will be accepting mail from the internet and forward them to internal Mail server (possibly LTSP server will handle this also) which would be IMAP Here are the places I am lost 1) Where would be the best location to place snort as IDS 2) Where would be the best location to place a SYSLOG machine for all the bastion hosts 3) What would be the best subnetting structure to minimize broadcast traffic ? 4) What could be my alternatives for Outer firewall (currently it will be a Linux pc based CDROM firewall (ie Cisco PIX ) 5) Will placing Squid proxy to the inner firewall be possibly cauing problems to security or should it be a separate proxy machine. If a separate proxy server where would be be wise to place ? Any thoughts, suggestions pointers much appreciated Thks -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
participants (1)
-
Togan Muftuoglu