Solved

Protecting a developing network

Posted on 2007-12-01
Last Modified: 2010-04-12
I have a small network consisting of 2 servers and 8 workstations.  We work with a database program and we are starting to use the Internet more and more.  As our resources increase in value, I would want to improve on the security of our network by adding a Cisco ASA 5505.  At the moment we just have a router using NAT.  I have done some research and it seems to me that the Cisco ASA 5505 is a good solution that we will be growing into with the development of a DMZ (in time).

I'm wondering:

1. Would this be a good place to start with network security?  Does anyone have any other recommendations?
2. Do you need a static IP address to start using the ASA 5505, without going into all of the networking options in the beginning?
3. Are there yearly update fees with the use of an ASA 5505 + Security Plus module?

Any guidance would be greatly appreciated.

Thank you.
Question by:Global-Mind

Accepted Solution

by: rsivanandan earned 500 total points
1. Growth rate has to be determined. These boxes value themselves based on the number of concurrent connections, so look for that.

   Along with that, I'd also suggest you take a look at the Juniper SSG series firewall (www.juniper.net): good performance for about the same price as the ASA. ASAs are good as well.

2. For both Juniper and Cisco firewalls you don't need a static IP address, which means that you can put the box in there and configure the outside interface to get an IP from your ISP's DHCP server and also set up NAT along with security features.

3. Yes, you need to go for some kinda support plan which covers your hardware/upgrade of software/support etc.

Cheers,
Rajesh

Author Comment

by:Global-Mind
Thank you for your help, Rajesh.

Expert Comment

by:rsivanandan
No problem. Are you going with ASA?

Cheers,
Rajesh

Author Comment

by:Global-Mind
Hello Rajesh,

Yes, I will be going with the ASA 5505.  Actually, I just ordered it today.  I think that there is enough documentation here and on the Cisco web site that I will be able to get by ... I think.  However, in all of the reading that I have been doing, all of the instructions direct the network admin to gain successful transmission of data, which, of course, is the goal.  Having said that, once this goal is accomplished and you are receiving data (web, e-mail, ftp, etc.), how do you know that you in fact have a protected network?

If this constitutes a new discussion, I will not have any problem in putting up another 500 points.

Thank you for the follow-up.

Gord

Expert Comment

by:rsivanandan
There are different logging facilities in the ASA which you can look at in the firewall itself or decide to send to a syslog server (better management, and you can choose to keep the logs for a long time).

If you go down the syslog path, then there are so many freeware syslog servers available (Kiwi being very famous).

As a network admin, you actually can try to penetrate the firewall (with written permission from your bosses of course :-) ) from the Internet and see if you're able to get through to your network other than the ports you have opened. Again, there are so many freeware tools available for the same.

ASA works this way => Everything from inside to outside by default is allowed, nothing from outside to inside is allowed. If you want traffic to come inside, you need to punch holes using access-lists (which is the careful part you need to decide; I'm sure as time goes on people will have more and more requirements for opening ports).

Cheers,
Rajesh
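
One way to answer "how do you know you are protected" from the syslog output discussed above, as an added example that is not part of the original thread: a Python sketch that compares the inbound connections the ASA actually built against the ports you meant to open, and counts what the access-list denied. The log lines, addresses and the intended-port set are constructed for illustration; 302013/302015 (connection built) and 106023 (denied by access-group) are ASA syslog message IDs.

```python
import re
from collections import Counter

# Constructed sample lines in ASA syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Dec 03 2007 10:01:12: %ASA-6-302013: Built inbound TCP connection 1101 for outside:203.0.113.7/40112 (203.0.113.7/40112) to inside:192.168.1.10/25 (198.51.100.2/25)
Dec 03 2007 10:01:40: %ASA-4-106023: Deny tcp src outside:203.0.113.9/51820 dst inside:198.51.100.2/3389 by access-group "outside_in" [0x0, 0x0]
Dec 03 2007 10:02:05: %ASA-6-302013: Built outbound TCP connection 1102 for outside:192.0.2.80/80 (192.0.2.80/80) to inside:192.168.1.21/3312 (198.51.100.2/1025)
Dec 03 2007 10:02:31: %ASA-6-302013: Built inbound TCP connection 1103 for outside:203.0.113.9/51877 (203.0.113.9/51877) to inside:192.168.1.11/1433 (198.51.100.2/1433)
Dec 03 2007 10:03:02: %ASA-4-106023: Deny tcp src outside:203.0.113.9/51901 dst inside:198.51.100.2/3389 by access-group "outside_in" [0x0, 0x0]
Dec 03 2007 10:03:09: %ASA-4-106023: Deny udp src outside:203.0.113.44/3020 dst inside:198.51.100.2/161 by access-group "outside_in" [0x0, 0x0]
"""

# 302013 = TCP connection built, 302015 = UDP connection built; inbound only.
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built inbound (TCP|UDP) connection \d+ for "
    r"\w+:([\d.]+)/\d+ \S+ to \w+:([\d.]+)/(\d+)")
# 106023 = packet denied by an access-list applied with access-group.
DENY = re.compile(
    r"%ASA-4-106023: Deny (\w+) src \w+:[\d.]+/\d+ dst \w+:[\d.]+/(\d+)")


def audit(log_text, intended):
    """Return (unexpected, denied).

    unexpected: inbound connections the firewall ALLOWED to a (proto, port)
                that is not in the intended set, i.e. a hole you did not plan.
    denied:     Counter of blocked attempts keyed by (proto, port).
    """
    unexpected, denied = [], Counter()
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            proto, src, dst, port = m.groups()
            key = (proto.lower(), int(port))
            if key not in intended:
                unexpected.append((src, dst) + key)
            continue
        m = DENY.search(line)
        if m:
            denied[(m.group(1).lower(), int(m.group(2)))] += 1
    return unexpected, denied


if __name__ == "__main__":
    # Assumption: only inbound SMTP was meant to be opened.
    holes, blocked = audit(SAMPLE_LOG, {("tcp", 25)})
    for src, dst, proto, port in holes:
        print(f"UNPLANNED inbound {proto}/{port}: {src} -> {dst}")
    for (proto, port), n in blocked.most_common():
        print(f"denied {proto}/{port}: {n} attempt(s)")
```

Any line reported as unplanned points at an access-list entry or static translation that is wider than intended; the denied counts show what the default outside-to-inside block is absorbing.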