Solved

A good plan for a secure network setup

Posted on 2011-03-02
Last Modified: 2012-06-21
I have a hotel, with a Positouch System for the restaurant area which takes credit cards on about 6 terminals.
Plus a hotel network of computers which tie into a web-based reservation system. The web-based system allows for on-line bookings and payments. We have the server on premise; it ties into another server for local access to the database. The Possi system uses one Credit Card Processor, connecting by Internet (with a fail-over dial-up). The hotel reservation system uses another provider, which is handled via the web.

I also maintain a wireless system for the guests.

I think I need a Netgear Router in bridge mode to connect to the Internet and link us via a switch for the hotel network (on a different subnet).
Another NetGear router to connect the Possi system to, which in turn connects to the bridge.

I need to be able to access the Possi system from at least two or three hotel computers...I think I can do that with router settings.

I think I want a VPN to access an internal computer from Florida and 30 miles away.

I need to have LogMeIn on the accountant's PC so he can log in for accounting.

I need the web server connected via a separate router, then to the bridge.

I need the wireless on its own subnet and connected to the hotel LAN for Internet service using its own DSL line (shared by one other computer).

Does this sound right?
0
Question by:ri95
7 Comments
 
LVL 9

Accepted Solution

by:
rawinnlnx9 earned 500 total points
ID: 35024006
You need just one router for this and one managed switch. The router will govern all of your WAN->WAN, WAN->LAN, LAN->WIRELESS, etc... rules and permissions by creating Network Objects which are groups of IP addresses or MAC addresses and applying permissions to them. You will need a switch for each subnet that comes out of the managed switch. LogMeIn will work without any trouble as it uses port 80 and 256-bit encryption so no other security is needed for that. If you want super secure you make all the computers connect via VPN into your protected server and you isolate it (on the managed switch). The wireless can be handled by a good router as well. I highly recommend you go here: http://www.sonicguard.com/TZ210Wireless.asp and check out the appliance I link to. It's spendy but it is extremely secure and very good at what it does.
0
 

Author Comment

by:ri95
ID: 35024057
Thanks - I have tried working with Sonicwall and found it difficult...don't you think NetGear has good units?
0
 
LVL 8

Expert Comment

by:nwtechdesk
ID: 35024114
I've seen too many Netgear routers and switches fail. Start with quality switches like HP Procurve and consider the Sonicwall as a good choice but a lower end choice. The Sonicwall is easy to work with if you use their built-in wizards. Fortinet would be a better solution but it may not be in the budget.
0

 
LVL 33

Expert Comment

by:digitap
ID: 35024340
i'm not sure i would rank the sonicwall on the lower end choice. in the end, it's how it's configured that makes the difference. but, you should get what you believe will be reliable and will be easy to work with. i would actually consider netgear to be a lower end choice, but that's me. HP makes good switches. i have a radiology group with two NSA 3200 in HA mode. i have about 15 site to site vpns connecting to a plethora of routers, cisco, juniper...even a linksys. we don't have any issues with the hardware. we've deployed an ssl-vpn appliance used to implement user VPN connections.

my comments to your question specifically:

I have a hotel, with a Positouch System for the restaurant area which takes credit cards on about 6 terminals.
Plus a hotel network of computers which tie into a web-based reservation system. The web-based system allows for on-line bookings and payments. We have the server on premise; it ties into another server for local access to the database. The Possi system uses one Credit Card Processor, connecting by Internet (with a fail-over dial-up). The hotel reservation system uses another provider, which is handled via the web.

**since you have your internet web server tying into an internal database, i'd put the web server on a DMZ and open the appropriate ports back to the database. it's best practice anyway.

I also maintain a wireless system for the guests.

**sonicwall does wireless guest services well. although, i've never been impressed with the guest authentication methods. of course, i've not implemented it with their NSA models...only the Pro Series models.

I think I need a Netgear Router in bridge mode to connect to the Internet and link us via a switch for the hotel network (on a different subnet).
Another NetGear router to connect the Possi system to, which in turn connects to the bridge.

**Why? What type of security are you wanting to implement here? i can see different subnets, but don't understand the bridge mode configuration. the sonicwall has different interfaces that allow you to create different subnets and create firewall rules to filter traffic. is this the direction you were thinking? with a decent L3 router, you could implement VLANs and access control lists to do the same thing if you didn't want the sonicwall.

I need to be able to access the Possi system from at least two or three hotel computers...I think I can do that with router settings.

**How are the hotels connected...MPLS, site to site VPN, what?

I think I want a VPN to access an internal computer from Florida and 30 miles away.

**I'd implement the VPN at the firewall...sonicwall, juniper, watchguard, cisco...

I need to have LogMeIn on the accountant's PC so he can log in for accounting.

**If you have a firewall that supports VPN, then you can use a secure VPN connection with RDP.

I need the web server connected via a separate router, then to the bridge.

**Why? I'm going to reference here my comment above regarding the DMZ.

I need the wireless on its own subnet and connected to the hotel LAN for Internet service using its own DSL line (shared by one other computer).

**Why?
0
 

Author Comment

by:ri95
ID: 35026461
thanks for your answer -

I want to be secure going in and out.
I want the Posi on a separate network.
I want the guests to have no possibility of reaching my internal network.
There are no other hotels, just management coming in.
On the web server - it connects to the hotel server database to verify availability and it is the hotel database which processes the credit cards for the reservation system.
0
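
Added example, not part of the original thread and not any vendor's configuration: the DMZ, separate-subnet and access-list layout discussed above, written as a default-deny zone policy in Python and audited against the isolation goals the asker lists. All subnets, host addresses and ports (including the database port 1433 and HTTPS for the card processor) are assumptions made up for illustration.

```python
import ipaddress as ip

# Constructed addressing plan: subnets, hosts and ports are assumptions.
ZONES = {
    "guest": ip.ip_network("192.168.50.0/24"),  # guest wireless
    "hotel": ip.ip_network("10.10.10.0/24"),    # front-desk PCs, database server
    "pos":   ip.ip_network("10.10.20.0/24"),    # restaurant card terminals
    "dmz":   ip.ip_network("10.10.30.0/24"),    # public reservation web server
}
WEB, DB, DB_PORT = "10.10.30.10", "10.10.10.5", 1433
POS_ADMINS = {"10.10.10.21", "10.10.10.22"}     # hotel PCs allowed into the POS zone

# (source zone, source hosts, destination zone, destination hosts, port); None = any
RULES = [
    ("dmz",   {WEB},      "hotel", {DB},  DB_PORT),  # web server -> database only
    ("hotel", POS_ADMINS, "pos",   None,  None),
    ("wan",   None,       "dmz",   {WEB}, 443),
    ("guest", None,       "wan",   None,  None),
    ("hotel", None,       "wan",   None,  None),
    ("pos",   None,       "wan",   None,  443),      # card processor over the Internet
]

def zone_of(addr):
    """Map an address to its zone; anything outside the plan is the Internet."""
    a = ip.ip_address(addr)
    return next((z for z, net in ZONES.items() if a in net), "wan")

def allowed(src, dst, port, rules=RULES):
    """A flow passes only if some rule matches it; everything else is denied."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return True  # same subnet: traffic never crosses the firewall
    return any(
        rz == sz and tz == dz
        and (hosts is None or src in hosts)
        and (targets is None or dst in targets)
        and (p is None or p == port)
        for rz, hosts, tz, targets, p in rules
    )

def audit(rules=RULES):
    """Return the isolation goals from the thread that the rule set breaks."""
    probes = [
        ("guest reaches hotel LAN", "192.168.50.77", DB, DB_PORT),
        ("guest reaches POS", "192.168.50.77", "10.10.20.11", 443),
        ("non-admin hotel PC reaches POS", "10.10.10.99", "10.10.20.11", 3389),
        ("web server reaches DB on another port", WEB, DB, 3389),
        ("web server reaches POS", WEB, "10.10.20.11", 443),
        ("Internet reaches hotel LAN", "203.0.113.9", DB, DB_PORT),
    ]
    return [name for name, s, d, p in probes if allowed(s, d, p, rules)]
```

Running `audit()` on a proposed rule set before it goes onto the firewall shows which of the stated goals an overly broad rule would break.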
 

Author Closing Comment

by:ri95
ID: 35032717
Quick answer also.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35033607
curious. i guess i thought you wanted a discussion. i see you wanted something simpler. wished i hadn't spent so much time going through your question and responding. you might consider in the future putting that up front in your question so other experts don't waste their time on your question.
0
