Solved

Protecting a developing network

Posted on 2007-12-01
Last Modified: 2010-04-12
I have a small network consisting of 2 servers and 8 workstations.  We work with a database program and we are starting to use the Internet more and more.  As our resources increase in value, I would want to improve on the security of our network by adding a Cisco ASA 5505.  At the moment we just have a router using NAT.  I have done some research and it seems to me that the Cisco ASA 5505 is a good solution that we will be growing into with the development of a DMZ (in time).

I'm wondering:

1. Would this be a good place to start with network security?  Does anyone have any other recommendations?
2. Do you need a static IP address to start using the ASA 5505, without going into all of the networking options in the beginning?
3. Are there yearly update fees with the use of an ASA 5505 + Security Plus module?

Any guidance would be greatly appreciated.

Thank you.
Question by:Global-Mind
5 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 20390135
1. Growth rate has to be determined. These boxes value themselves based on the number of concurrent connections, so look for that.

   Along with that, I'd also suggest you take a look at the Juniper SSG series firewalls (www.juniper.net): good performance for about the same price as the ASA. ASAs are good as well.

2. For both Juniper and Cisco firewalls you don't need a static IP address, meaning that you can put the box in there and configure the outside interface to get an IP from your ISP's DHCP server and also set up NAT along with security features.

3. Yes, you need to go for some kind of support plan which covers your hardware, software upgrades, support, etc.

Cheers,
Rajesh
 

Author Comment

by:Global-Mind
ID: 20402835
Thank you for your help, Rajesh.
 
LVL 32

Expert Comment

by:rsivanandan
ID: 20402873
No problem. Are you going with the ASA?

Cheers,
Rajesh
 

Author Comment

by:Global-Mind
ID: 20408260
Hello Rajesh,

Yes, I will be going with the ASA 5505. Actually, I just ordered it today. I think that there is enough documentation here and on the Cisco web site that I will be able to get by ... I think. However, in all of the reading that I have been doing, all of the instructions direct the network admin to gain successful transmission of data, which, of course, is the goal. Having said that, once this goal is accomplished and you are receiving data (web, e-mail, ftp, etc.), how do you know that you in fact have a protected network?

If this constitutes a new discussion, I will not have any problem in putting up another 500 points.

Thank you for the follow-up.

Gord
 
LVL 32

Expert Comment

by:rsivanandan
ID: 20408820
There are different logging facilities in the ASA, which you can look at in the firewall itself or decide to send to a syslog server (better management, and you can choose to keep the logs for a long time).

If you go down the syslog path, there are many freeware syslog servers available (Kiwi being very famous).

As a network admin, you can actually try to penetrate the firewall (with written permission from your bosses, of course :-) ) from the Internet and see if you're able to get through to your network other than via the ports you have opened. Again, there are many freeware tools available for the same.

The ASA works this way: everything from inside to outside is allowed by default, and nothing from outside to inside is allowed. If you want traffic to come inside, you need to punch holes using access-lists (which is the part you need to decide carefully; I'm sure as time goes on people will have more and more requirements for opening ports).

Cheers,
Rajesh
0
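One way to act on the syslog advice in the answer above, as an added example that is not part of the original thread: a short Python check that reads ASA syslog lines and reports any inbound connection the firewall built to a host and port you did not intend to publish, plus a count of probes the access-list denied. The allowed list, host addresses and sample log lines are constructed assumptions; the message IDs matched are 302013/302015 (connection built) and 106023 (denied by access-group).

```python
import re
from collections import Counter

# Assumption: the only hole punched in the outside ACL is SMTP to one server.
ALLOWED_INBOUND = {("192.168.1.10", 25)}

# 302013/302015: TCP/UDP connection built; 106023: packet denied by an ACL.
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built inbound (?:TCP|UDP) connection \d+ for "
    r"outside:(?P<src>[\d.]+)/\d+ \([^)]*\) to "
    r"\w+:(?P<dst>[\d.]+)/(?P<port>\d+)")
DENIED = re.compile(
    r"%ASA-4-106023: Deny \w+ src outside:(?P<src>[\d.]+)/\d+ "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<port>\d+)")

# Constructed sample lines (documentation addresses), not from a real device.
SAMPLE_LOG = """\
Dec 05 2007 10:01:12 fw : %ASA-6-302013: Built inbound TCP connection 101 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:192.168.1.10/25 (198.51.100.2/25)
Dec 05 2007 10:02:40 fw : %ASA-4-106023: Deny tcp src outside:203.0.113.9/40112 dst inside:198.51.100.2/3389 by access-group "outside_access_in" [0x0, 0x0]
Dec 05 2007 10:02:41 fw : %ASA-4-106023: Deny tcp src outside:203.0.113.9/40113 dst inside:198.51.100.2/445 by access-group "outside_access_in" [0x0, 0x0]
Dec 05 2007 10:03:07 fw : %ASA-6-302013: Built inbound TCP connection 102 for outside:203.0.113.77/50022 (203.0.113.77/50022) to inside:192.168.1.20/3389 (198.51.100.3/3389)
Dec 05 2007 10:04:00 fw : %ASA-6-302013: Built outbound TCP connection 103 for outside:192.0.2.80/80 (192.0.2.80/80) to inside:192.168.1.31/1044 (198.51.100.1/1044)
"""

def audit(lines, allowed=ALLOWED_INBOUND):
    """Return (unexpected inbound connections, denied-probe count per port)."""
    unexpected, denied = [], Counter()
    for line in lines:
        m = BUILT.search(line)
        if m:
            target = (m["dst"], int(m["port"]))
            if target not in allowed:  # a hole nobody meant to open
                unexpected.append((m["src"], *target))
            continue
        m = DENIED.search(line)
        if m:
            denied[int(m["port"])] += 1
    return unexpected, denied

if __name__ == "__main__":
    unexpected, denied = audit(SAMPLE_LOG.splitlines())
    for src, dst, port in unexpected:
        print(f"UNEXPECTED inbound: {src} -> {dst}:{port}")
    for port, n in denied.most_common():
        print(f"denied at firewall: port {port} x{n}")
```

An empty "unexpected" list over a long log window, together with deny entries for everything else, is the evidence that only the intended ports are reachable from outside.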
