Solved

A good plan for a secure network setup

Posted on 2011-03-02
Last Modified: 2012-06-21
I have a hotel, with Positouch System for the restaurant area which takes credit cards on about 6 terminals.
Plus a hotel network of computers which tie into a web-based reservation system. The web-based system allows for on-line bookings and payments. We have the server on premise, it ties into another server for local access to the database. The Possi system uses one Credit Card Processor, connecting by Internet (with a fail-over dial-up). The hotel reservation system uses another provider - which is handled via the web.

I also maintain a wireless system for the guests.

I think I need a Netgear Router in bridge mode to connect to the Internet and link us via a switch for the hotel network (on a different sub net).
Another NetGear router to connect the Possi system to - which in turn connects to the bridge.

I need to be able to access the Possi system from at least two or three hotel computers...I think I can do that with router settings.

I think I want a VPN to access an internal computer from Florida and 30 miles away.

I need to have LogMeIn on the accountant's PC so he can log in for accounting.

I need the web server connected via a separate router - then to the bridge.

I need the wireless on its own sub net and connected to the hotel lan for internet service using its own DSL line (shared by one other computer).

Does this sound right?
Question by:ri95
7 Comments
 
Accepted Solution

by: rawinnlnx9 earned 500 total points
You need just one router for this and one managed switch. The router will govern all of your WAN->WAN, WAN->LAN, LAN->WIRELESS, etc... rules and permissions by creating Network Objects which are groups of IP addresses or MAC addresses and applying permissions to them. You will need a switch for each subnet that comes out of the managed switch. LogMeIn will work without any trouble as it uses port 80 and 256-bit encryption so no other security is needed for that. If you want super secure you make all the computers connect via VPN into your protected server and you isolate it (on the managed switch). The wireless can be handled by a good router as well. I highly recommend you go here: http://www.sonicguard.com/TZ210Wireless.asp and check out the appliance I link to. It's spendy but it is extremely secure and very good at what it does.
 

Author Comment

by:ri95
Thanks - I have tried working with Sonicwall and found it difficult...don't you think NetGear has good units?

Expert Comment

by:nwtechdesk
I've seen too many Netgear routers and switches fail. Start with quality switches like HP Procurve and consider the Sonicwall as a good choice but a lower end choice. The Sonicwall is easy to work with if you use their built-in wizards. Fortinet would be a better solution but it may not be in the budget.

Expert Comment

by:digitap
i'm not sure i would rank the sonicwall on the lower end choice. in the end, it's how it's configured that makes the difference. but, you should get what you believe will be reliable and will be easy to work with. i would actually consider netgear to be a lower end choice, but that's me. HP makes good switches. i have a radiology group with two NSA 3200 in HA mode. i have about 15 site to site vpns connecting to a plethora of routers, cisco, juniper...even a linksys. we don't have any issues with the hardware. we've deployed an ssl-vpn appliance used to implement user VPN connections.

my comments to your question specifically:

I have a hotel, with Positouch System for the restaurant area which takes credit cards on about 6 terminals.
Plus a hotel network of computers which tie into a web-based reservation system. The web-based system allows for on-line bookings and payments. We have the server on premise, it ties into another server for local access to the database. The Possi system uses one Credit Card Processor, connecting by Internet (with a fail-over dial-up). The hotel reservation system uses another provider - which is handled via the web.

**since you have your internet web server tying into an internal database, i'd put the web server on a DMZ and open the appropriate ports back to the database. it's best practice anyway.

I also maintain a wireless system for the guests.

**sonicwall does wireless guest services well. although, i've never been impressed with the guest authentication methods. of course, i've not implemented it with their NSA models...only the Pro Series models.

I think I need a Netgear Router in bridge mode to connect to the Internet and link us via a switch for the hotel network (on a different sub net).
Another NetGear router to connect the Possi system to - which in turn connects to the bridge.

**Why? What type of security are you wanting to implement here? i can see different subnets, but don't understand the bridge mode configuration. the sonicwall has different interfaces that allow you to create different subnets and create firewall rules to filter traffic. is this the direction you were thinking? with a decent L3 router, you could implement VLANs and access control lists to do the same thing if you didn't want the sonicwall.

I need to be able to access the Possi system from at least two or three hotel computers...I think I can do that with router settings.

**How are the hotels connected...MPLS, site to site VPN, what?

I think I want a VPN to access an internal computer from Florida and 30 miles away.

**I'd implement the VPN at the firewall...sonicwall, juniper, watchguard, cisco...

I need to have LogMeIn on the accountant's PC so he can log in for accounting.

**If you have a firewall that supports VPN, then you can use a secure VPN connection with RDP.

I need the web server connected via a separate router - then to the bridge.

**Why? I'm going to reference here my comment above regarding the DMZ.

I need the wireless on its own sub net and connected to the hotel lan for internet service using its own DSL line (shared by one other computer).

**Why?
 

Author Comment

by:ri95
thanks for your answer -

I want to be secure going in and out.
I want the Posi on a separate network.
I want the guests to have no possibility of reaching my internal network.
There are no other hotels, just management coming in.
On the web server - it connects to the hotel server database to verify availability and it is the hotel database which processes the credit cards for the reservation system.
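The segmentation goals stated in this thread (web server in a DMZ with only the database port opened back, POS on its own network reachable from a few hotel PCs, guests unable to reach anything internal) can be written down as flows and checked against a firewall allow-list. This is an added example, not part of any post above; every subnet, host address and port in it is a constructed assumption, and `allowed` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed addressing plan and ports: assumptions, not values from the thread.
ZONES = {"hotel": "10.0.10.0/24", "pos": "10.0.20.0/24",
         "dmz": "10.0.30.0/24", "guest": "10.0.40.0/24"}
DB, DB_PORT = "10.0.10.5", 1433        # database server in the hotel LAN
WEB = "10.0.30.10"                     # public booking server in the DMZ
POS_ADMINS = ["10.0.10.21", "10.0.10.22"]   # hotel PCs allowed into the POS net
POS_PORT = 5900                        # placeholder POS management port

# Allow-list of (source, destination, port or None for any); unmatched = deny.
# "wan" means any address outside the four internal zones.
RULES = [
    (WEB, DB, DB_PORT),
    *[(pc, ZONES["pos"], POS_PORT) for pc in POS_ADMINS],
    (ZONES["guest"], "wan", None),
    (ZONES["hotel"], "wan", None),
    (ZONES["pos"], "wan", 443),
    ("wan", WEB, 443),
]
INTERNAL = [ipaddress.ip_network(n) for n in ZONES.values()]

def _match(spec, addr):
    ip = ipaddress.ip_address(addr)
    if spec == "wan":
        return not any(ip in net for net in INTERNAL)
    return ip in ipaddress.ip_network(spec)

def allowed(src, dst, port, rules=RULES):
    return any(_match(s, src) and _match(d, dst) and p in (None, port)
               for s, d, p in rules)

MUST_DENY = [
    ("10.0.40.77", DB, DB_PORT),             # guest -> hotel database
    ("10.0.40.77", "10.0.20.11", POS_PORT),  # guest -> POS terminal
    (WEB, "10.0.20.11", POS_PORT),           # DMZ web server -> POS
    (WEB, DB, 3389),                         # DMZ -> database host, other port
    ("10.0.10.50", "10.0.20.11", POS_PORT),  # unlisted hotel PC -> POS
    ("203.0.113.9", DB, DB_PORT),            # Internet -> database
]
MUST_ALLOW = [
    (WEB, DB, DB_PORT),
    ("10.0.10.21", "10.0.20.11", POS_PORT),
    ("10.0.40.77", "198.51.100.4", 443),     # guest -> Internet
]

def audit(rules=RULES):
    """Return (flow, problem) pairs where the rules contradict the goals."""
    return ([(f, "must be denied") for f in MUST_DENY if allowed(*f, rules)] +
            [(f, "must be allowed") for f in MUST_ALLOW if not allowed(*f, rules)])
```

Running `audit()` on a rule set where the guest rule is written as "guest to any" instead of "guest to WAN" reports the guest-to-database and guest-to-POS flows, which is the mistake the separate guest subnet is meant to prevent.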
 

Author Closing Comment

by:ri95
Quick answer also.

Expert Comment

by:digitap
curious. i guess i thought you wanted a discussion. i see you wanted something simpler. wished i hadn't spent so much time going through your question and responding. you might consider in the future putting that up front in your question so other experts don't waste their time on your question.