Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Network design
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 27 Feb 2002 18:21:00 +0200
  • Message-id: <20020227182100.A1069@xxxxxxxxxxxx>
Hi,

I need some advice in designing a secure network. A very rough image
is located at http://toganm.tripod.com/projects/network.jpg

Everything will be running SuSE Linux with Kernel 2.2.19 except the
Terminal Sever which will be 2.4.9.ltsp ( or I will recompile the kernel
for that server specifically) So terminals will be thinclients

I have 60 (and possibly will be added more) thin clients who will be
only using Web and Mail.

Web server will be hosting the website updates will be done by cron job
running hourly
Mail server will be accepting mail from the internet and forward them to
internal Mail server (possibly LTSP server will handle this also) which
would be IMAP

Here are the places I am lost

1) Where would be the best location to place snort as IDS
2) Where would be the best location to place a SYSLOG machine for all
the bastion hosts
3) What would be the best subnetting structure to minimize broadcast
traffic ?

4) What could be my alternatives for Outer firewall (currently it will
be a Linux pc based CDROM firewall (ie Cisco PIX )

5) Will placing Squid proxy to the inner firewall be possibly cauing
problems to security or should it be a separate proxy machine. If a
separate proxy server where would be be wise to place ?


Any thoughts, suggestions pointers much appreciated

Thks
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx



< Previous Next >
This Thread