Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Protecting a developing network

Posted on 2007-12-01
Medium Priority
Last Modified: 2010-04-12
I have a small network consisting of 2 servers and 8 workstations.  We work with a database program and we are starting to use the Internet more and more.  As our resources increase in value, I would want to improve on the security of our network by adding a Cisco ASA 5505.  At the moment we just have a router using NAT.  I have done some research and it seems to me that the Cisco ASA 5505 is a good solution that we will be growing into with the development of a DMZ (in time).

I'm wondering:

1. Would this be a good place to start with network security?  Does anyone have any other recommendations?
2. Do you need a static IP address to start using the ASA 5505, without going into all of the networking options in the begining?
3. Are there yearly update fees with the use of an ASA 5505 + Security Plus module?

Any guidance would be greatly appreciated.

Thank you.
Question by:Global-Mind
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 32

Accepted Solution

rsivanandan earned 2000 total points
ID: 20390135
1. Growth rate has to be determined. These boxes value themselves based on the number of concurrent connections, so look for that.
  Along with that I'd also suggest you to take a look at Juniper SSG series firewall (www.juniper.net), good performance for about the same price of ASA, ASA are good as well.

2. For both Juniper and Cisco firewalls you don't need a static ip address, means that you can put the box in there and configure for the outside interface to get ip from your ISP's dhcp server and also setup NAT along with security features.

3. Yes you need to go for some kinda support plan which covers your hardware/upgrade of software/ support etc.


Author Comment

ID: 20402835
Thank you for your help, Rajesh.
LVL 32

Expert Comment

ID: 20402873
No Problem. Are you going with ASA ?


Author Comment

ID: 20408260
Hello Rajesh,

Yes, I will be going with the ASA 5505.  Actually, I just ordered it today.  I think that there is enough documentation here and on the Cisco web site that I will be able to get by ... I think.  However, in all of the reading that I have been doing, all of the instructions direct the network admin to gain successful transmission of data, which, of course is the goal.  Having said that, once this goal is accomplished and you are receiving data (web, e-mail, ftp, etc), how do you know that you in fact have a protected network?

If this constitutes a new discussion, I will not have any problem in putting up another 500 points.

Thank you for the follow-up.

LVL 32

Expert Comment

ID: 20408820
There are different logging facilities in the ASA which you can look at it in the firewall itself or decide to send it to a Syslog server (better management and choose to keep the log for a long time).

If you go down the syslog path, then there are so many freeware syslog servers available (kiwi being very famous).

As a network admin, you actually can try to penetrate the firewall (with written permission from your bosses ofcourse :-) ) from internet and see if you're able to get through to your network other than the ports you have opened. Again, there are so many freeware tools available for the same.

ASA works this way => Everything from inside to outside by default is allowed, Nothing from outside to inside is allowed. If you want traffic to come inside, you need to punch holes using access-lists (which is the careful part you need to decide, I'm sure as the time goes people would have more and more requirements for opening ports).


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question