Solved

Protecting a developing network

Posted on 2007-12-01
5
235 Views
Last Modified: 2010-04-12
I have a small network consisting of 2 servers and 8 workstations.  We work with a database program and we are starting to use the Internet more and more.  As our resources increase in value, I would want to improve on the security of our network by adding a Cisco ASA 5505.  At the moment we just have a router using NAT.  I have done some research and it seems to me that the Cisco ASA 5505 is a good solution that we will be growing into with the development of a DMZ (in time).

I'm wondering:

1. Would this be a good place to start with network security?  Does anyone have any other recommendations?
2. Do you need a static IP address to start using the ASA 5505, without going into all of the networking options in the begining?
3. Are there yearly update fees with the use of an ASA 5505 + Security Plus module?

Any guidance would be greatly appreciated.

Thank you.
0
Comment
Question by:Global-Mind
  • 3
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 20390135
1. Growth rate has to be determined. These boxes value themselves based on the number of concurrent connections, so look for that.
 
  Along with that I'd also suggest you to take a look at Juniper SSG series firewall (www.juniper.net), good performance for about the same price of ASA, ASA are good as well.


2. For both Juniper and Cisco firewalls you don't need a static ip address, means that you can put the box in there and configure for the outside interface to get ip from your ISP's dhcp server and also setup NAT along with security features.


3. Yes you need to go for some kinda support plan which covers your hardware/upgrade of software/ support etc.

Cheers,
Rajesh
0
 

Author Comment

by:Global-Mind
ID: 20402835
Thank you for your help, Rajesh.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 20402873
No Problem. Are you going with ASA ?

Cheers,
Rajesh
0
 

Author Comment

by:Global-Mind
ID: 20408260
Hello Rajesh,

Yes, I will be going with the ASA 5505.  Actually, I just ordered it today.  I think that there is enough documentation here and on the Cisco web site that I will be able to get by ... I think.  However, in all of the reading that I have been doing, all of the instructions direct the network admin to gain successful transmission of data, which, of course is the goal.  Having said that, once this goal is accomplished and you are receiving data (web, e-mail, ftp, etc), how do you know that you in fact have a protected network?

If this constitutes a new discussion, I will not have any problem in putting up another 500 points.

Thank you for the follow-up.

Gord
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 20408820
There are different logging facilities in the ASA which you can look at it in the firewall itself or decide to send it to a Syslog server (better management and choose to keep the log for a long time).

If you go down the syslog path, then there are so many freeware syslog servers available (kiwi being very famous).

As a network admin, you actually can try to penetrate the firewall (with written permission from your bosses ofcourse :-) ) from internet and see if you're able to get through to your network other than the ports you have opened. Again, there are so many freeware tools available for the same.

ASA works this way => Everything from inside to outside by default is allowed, Nothing from outside to inside is allowed. If you want traffic to come inside, you need to punch holes using access-lists (which is the careful part you need to decide, I'm sure as the time goes people would have more and more requirements for opening ports).

Cheers,
Rajesh
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question