Hi everyone, I hope this question finds you well. I have started my final year project and I have difficulties with extraordinary ideas. My project title is “Network System Management & Design”. I am planning to build a network for a two-site enterprise company with at least 2000 users. I would be incredibly grateful if you could help me with network security based solutions. For example, which security mechanisms I must use to provide robust security on all layers of the OSI model, and the justification for them.
My ideas so far are (IPv6, IPSec over VPN, Multiple Firewalls, IPS/IDS, SNORT, Cloud Servers)
Thank you very much for your help, and I hope to hear from you soon, guys.
- Since it seems there is no notice of answers but only of comments, I’m adding a comment here too. See my answer that I already posted.
As I recall, IPv6 has IPSec built in (I only use it on my server because I have no choice but to use it through 6rd and the tunnel gives me connectivity problems at times and I’ve not looked into IPSec for it).
I would argue ‘the cloud’ is not at all a good thing to look at with regards to security because it simply isn’t secure; it goes like this: if you don’t have control of the system how can you make sure it truly is safe? How can you make sure it is truly backed up and maintained the way you want it to be? It just won’t work. As Graham has put it before, the cloud is another way of saying another person’s computer. And as a long time friend of mine and I have discussed, it is even worse when you’re told to turn your server into the cloud and then have them complain that you no longer have control over your ‘server’. I return to requirements again because it is quite important to consider (same with budget).
Yes, IDS/etc. are a good idea (and data verification including logs), and as for multiple firewalls you might want to consider bastion hosts and similar (Building Internet Firewalls is a good book, although I have an old edition of it – you might want to consider it if you want information about bastion hosts and firewalls more generally). And: you’re forgetting anti-virus and mail filtering (these are both important regardless of platform). There are many other things to consider, but two are really important. These two things will change what you can do and there is no getting around this:
2. Requirements you’re given.
For 1, you should think about hardware and software as well as providers (and/or customer service/similar) and expansion (important!), disaster recovery (important!) and backing up (which is part of disaster recovery but do make sure you test backups!). One firewall to consider (commercial): Checkpoint. But again consider budget. Linux’s iptables is powerful and *BSD firewalls are also powerful. Routers should also be considered. Essentially you have to have a plan that fits into your budget because otherwise the plan won’t work. If this requires proposing different requirements or anything else, then you have to consider that too (but writing proposals is another matter entirely).
For 2, does everything have to be commercial, e.g. Windows based? What about hardware? Software? The other things I brought up under budget? Because this (as well as 1) changes things drastically.