Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] Network design
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 27 Feb 2002 19:12:52 +0200
  • Message-id: <20020227191252.C1069@xxxxxxxxxxxx>
Hi Ryan,
* Ryan Swenson; <Ryan.Swenson@xxxxxxxxxxxxxxxx> on 27 Feb, 2002 wrote:
> Togan - you are lucky given your current setup... here some answers.

I have been rereading Building Internet Firewalls probably for the 10th time
and I hope at least I designed it with minimum mistakes :-)

> 1. Strategically you can decide where you want to put an IDS; however, in your scenario you are even more or best capable of using 2 IDS. One on your external FW, and one on your internal firewall. You may have a single database inside on your management system as well as now a single management www or some console.
> You could now watch all in/out traffic leaving your external space and apply policies here. Internally you could now see all traffic leaving and entering your internal firewall, which correlates some of the external NAT/MASQ traffic as well as internal NAT/MASQ traffic. In this you could also have Porn or Info rules.


> 2. Single Snort IDS is best placed between external and internal firewall. Or more so installed on the external firewall but configured as such to see traffic destined... Personally I offload Snort to its own box, and use a switch that's capable of SPAN.

I had the idea of putting Snort on its own box also but I was confused
about where to put the box (guess it's time to reread the Snort usage, FAQ and
mailing list).



> 2. Put the Squid server on the internal firewall. That's a given.

Agreed


> 3. Syslog server inside internal network. Suggestion is Syslog-ng for security enhancement. Use logwatch + scanlogd on the syslog server.


> 4. If you can afford it, obtain Cisco 3500XL switches for the money. Not only do they provide L2 but also allow limited IOS features. They support 2 GBIC links; you simply assign VLANs to best cut down storms and provide segmentation.

It depends on the government office (I have told them about the
promotional campaign we have here in Turkey for the 3524XL series).


Thanks for the valuable info
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
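The scanlogd suggestion in item 3 of Ryan's list is easier to judge with the heuristic written out. The following is an added example, not code from this message, from Ryan, or from the scanlogd project: a small Python detector loosely modelled on scanlogd's weighting (a destination port below 1024 counts three times as much as an unprivileged one, and only ports seen from the same source within a short window count towards the score). It runs over constructed netfilter LOG lines of the kind an external firewall would forward to a central syslog-ng host. The hostname "extfw", the documentation-range addresses, the 3-second window and the alert threshold of 21 are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of firewall log lines as they would arrive on the central
# syslog-ng host from the external firewall ("extfw"). Netfilter LOG-target
# format is assumed; the addresses come from documentation ranges.
# 198.51.100.4 is an ordinary web client, 203.0.113.7 sweeps seven privileged
# ports within two seconds, 203.0.113.9 probes one port every five seconds.
SAMPLE_LOG = """\
Feb 27 19:12:50 extfw kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=33012 DPT=80 SYN
Feb 27 19:12:51 extfw kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=33013 DPT=80 SYN
Feb 27 19:12:52 extfw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Feb 27 19:12:52 extfw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Feb 27 19:12:52 extfw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Feb 27 19:12:52 extfw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Feb 27 19:12:53 extfw kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=33014 DPT=80 SYN
Feb 27 19:12:53 extfw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN
Feb 27 19:12:53 extfw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110 SYN
Feb 27 19:12:53 extfw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=143 SYN
Feb 27 19:12:54 extfw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=443 SYN
Feb 27 19:12:55 extfw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=53
Feb 27 19:13:00 extfw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=21 SYN
Feb 27 19:13:05 extfw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=50002 DPT=22 SYN
Feb 27 19:13:10 extfw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=50003 DPT=23 SYN
Feb 27 19:13:15 extfw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=50004 DPT=25 SYN
Feb 27 19:13:20 extfw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=50005 DPT=80 SYN
Feb 27 19:13:25 extfw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=50006 DPT=110 SYN
Feb 27 19:13:30 extfw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=50007 DPT=143 SYN
"""

# Classic syslog timestamp, then the netfilter fields we need. DPT is optional
# so that ICMP lines still parse (they are simply ignored later).
LINE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: '
    r'.*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)'
    r'(?: SPT=\d+ DPT=(?P<dpt>\d+))?'
)


def parse_line(line, year=2002):
    """Return the fields of one forwarded firewall line, or None if it is
    not a netfilter LOG line. Classic syslog timestamps carry no year, so
    the caller supplies it (assumed 2002 here, matching the sample)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    dpt = m.group('dpt')
    return {
        'ts': ts, 'host': m.group('host'), 'src': m.group('src'),
        'dst': m.group('dst'), 'proto': m.group('proto'),
        'dpt': int(dpt) if dpt is not None else None,
    }


class ScanDetector:
    """Per-source sliding window of destination ports with scanlogd-style
    weighting: privileged ports (< 1024) weigh 3, others weigh 1. One alert
    per source, raised when the weighted count of distinct ports inside the
    window reaches the threshold (window and threshold are assumed values)."""

    def __init__(self, window_seconds=3, threshold=21, privileged_weight=3):
        self.window = window_seconds
        self.threshold = threshold
        self.weight = privileged_weight
        self.events = defaultdict(deque)   # src -> deque of (timestamp, port)
        self.alerted = set()

    def feed(self, ts, src, dpt):
        q = self.events[src]
        q.append((ts, dpt))
        # Forget probes older than the window; a slow scan spread over minutes
        # therefore never accumulates, which is the deliberate trade-off.
        while q and (ts - q[0][0]).total_seconds() > self.window:
            q.popleft()
        ports = {p for _, p in q}
        score = sum(self.weight if p < 1024 else 1 for p in ports)
        if score >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return {'src': src, 'ports': len(ports), 'score': score, 'at': ts}
        return None


def detect_scans(log_text, **detector_kwargs):
    """Run the detector over a block of syslog text; returns a list of alerts."""
    det = ScanDetector(**detector_kwargs)
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec['proto'] != 'TCP' or rec['dpt'] is None:
            continue
        alert = det.feed(rec['ts'], rec['src'], rec['dpt'])
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == '__main__':
    for a in detect_scans(SAMPLE_LOG):
        print(f"{a['at']:%b %d %H:%M:%S} port scan from {a['src']}: "
              f"{a['ports']} distinct ports, score {a['score']}")
```

On the sample this flags only 203.0.113.7 (seven privileged ports in two seconds, score 21), ignores the repeated legitimate hits on port 80, and never flags 203.0.113.9 because each of its probes falls outside the window of the previous one. scanlogd itself watches packets on the wire of the host it runs on; applying the same heuristic to the forwarded logs on the syslog-ng box is what gives one vantage point over both firewalls, which is the argument for centralizing the logs in the first place.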


