Solved

A good plan for a secure network setup

Posted on 2011-03-02
Medium Priority

556 Views
Last Modified: 2012-06-21
I have a hotel, with Positouch System for the restaurant area which takes credit cards on about 6 terminals.
Plus a hotel network of computers which tie into a web-based reservation system. The web-based system allows for on-line bookings and payments. We have the server on premise, it ties into another server for local access to the database. The Possi system uses one Credit Card Processor, connecting by Internet (with a fail-over dial-up). The hotel reservation system uses another provider - which is handled via the web.

I also maintain a wireless system for the guests.

I think I need a Netgear Router in bridge mode to connect to the Internet and link us via a switch for the hotel network (on a different sub net).
another NetGear router to connect the Possi system to - which in turn connects to the bridge.

I need to be able to access the Possi system from at least two or three hotel computers...I think I can do that with router settings.

I think I want a VPN to access an internal computer from florida and 30 miles away.

I need to have LogMeIn on the accountant's PC so he can log in for accounting.

I need the web server connected via a separate router - then to the bridge.

I need the wireless on its own sub net and connected to the hotel LAN for internet service using its own DSL line (shared by one other computer).

Does this sound right?
0
Question by:ri95
7 Comments
 
LVL 9

Accepted Solution

by:
rawinnlnx9 earned 2000 total points
ID: 35024006
You need just one router for this and one managed switch. The router will govern all of your WAN->WAN, WAN->LAN, LAN->WIRELESS, etc... rules and permissions by creating Network Objects which are groups of IP addresses or MAC addresses and applying permissions to them. You will need a switch for each subnet that comes out of the managed switch. LogMeIn will work without any trouble as it uses port 80 and 256-bit encryption so no other security is needed for that. If you want super secure you make all the computers connect via VPN into your protected server and you isolate it (on the managed switch). The wireless can be handled by a good router as well. I highly recommend you go here: http://www.sonicguard.com/TZ210Wireless.asp and check out the appliance I link to. It's spendy but it is extremely secure and very good at what it does.
0
 

Author Comment

by:ri95
ID: 35024057
Thanks - I have tried working with Sonicwall and found it difficult...don't you think NetGear has good units?
0
 
LVL 8

Expert Comment

by:nwtechdesk
ID: 35024114
I've seen too many Netgear routers and switches fail. Start with quality switches like HP ProCurve and consider the SonicWall as a good choice but a lower end choice. The SonicWall is easy to work with if you use their built-in wizards. Fortinet would be a better solution but it may not be in the budget.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35024340
I'm not sure I would rank the SonicWall on the lower end choice. In the end, it's how it's configured that makes the difference. But, you should get what you believe will be reliable and will be easy to work with. I would actually consider Netgear to be a lower end choice, but that's me. HP makes good switches. I have a radiology group with two NSA 3200 in HA mode. I have about 15 site to site VPNs connecting to a plethora of routers, Cisco, Juniper...even a Linksys. We don't have any issues with the hardware. We've deployed an SSL-VPN appliance used to implement user VPN connections.

My comments to your question specifically:

I have a hotel, with Positouch System for the restaurant area which takes credit cards on about 6 terminals.
Plus a hotel network of computers which tie into a web-based reservation system. The web-based system allows for on-line bookings and payments. We have the server on premise, it ties into another server for local access to the database. The Possi system uses one Credit Card Processor, connecting by Internet (with a fail-over dial-up). The hotel reservation system uses another provider - which is handled via the web.

**Since you have your internet web server tying into an internal database, I'd put the web server on a DMZ and open the appropriate ports back to the database. It's best practice anyway.

I also maintain a wireless system for the guests.

**SonicWall does wireless guest services well. Although, I've never been impressed with the guest authentication methods. Of course, I've not implemented it with their NSA models...only the Pro Series models.

I think I need a Netgear Router in bridge mode to connect to the Internet and link us via a switch for the hotel network (on a different sub net).
another NetGear router to connect the Possi system to - which in turn connects to the bridge.

**Why? What type of security are you wanting to implement here? I can see different subnets, but don't understand the bridge mode configuration. The SonicWall has different interfaces that allow you to create different subnets and create firewall rules to filter traffic. Is this the direction you were thinking? With a decent L3 router, you could implement VLANs and access control lists to do the same thing if you didn't want the SonicWall.

I need to be able to access the Possi system from at least two or three hotel computers...I think I can do that with router settings.

**How are the hotels connected... MPLS, site to site VPN, what?

I think I want a VPN to access an internal computer from florida and 30 miles away.

**I'd implement the VPN at the firewall...SonicWall, Juniper, WatchGuard, Cisco...

I need to have LogMeIn on the accountant's PC so he can log in for accounting.

**If you have a firewall that supports VPN, then you can use a secure VPN connection with RDP.

I need the web server connected via a separate router - then to the bridge.

**Why? I'm going to reference here my comment above regarding the DMZ.

I need the wireless on its own sub net and connected to the hotel LAN for internet service using its own DSL line (shared by one other computer).

**Why?
0
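Both experts describe the same design in different words: rawinnlnx9's "Network Objects" with permissions between them, and digitap's zoned firewall (or L3 router with VLANs and ACLs) with a DMZ that may reach only the database port. A useful way to check such a design before loading it onto the appliance is to model it as a first-match, default-deny ruleset and query it. The Python below is an added example, not code from this thread or from any SonicWall, Netgear or Positouch product; the zone names, address ranges, the database host, the "management PCs" and every port number are assumptions chosen for illustration.

```python
"""Zone-based segmentation policy checker for the hotel network discussed above.

Added example: zone names, address ranges, hosts and port numbers are assumed
for illustration and are not taken from the thread or from any vendor product.
The model is a first-match, default-deny ruleset of the kind a firewall with
zones/interfaces (or an L3 switch with VLANs and ACLs) would enforce.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing plan; anything outside these ranges is treated as WAN.
ZONES = {
    "LAN":   ip_network("10.10.0.0/24"),   # office PCs and the reservation DB server
    "POS":   ip_network("10.20.0.0/24"),   # restaurant card terminals
    "DMZ":   ip_network("10.30.0.0/24"),   # public booking web server
    "GUEST": ip_network("10.40.0.0/24"),   # guest wireless
}

DB_HOST = "10.10.0.5"                                # assumed database server
MGMT_PCS = frozenset({"10.10.0.21", "10.10.0.22"})   # assumed PCs allowed into POS


def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown addresses are the Internet (WAN)."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: frozenset                       # empty -> any destination port
    action: str                            # "allow" or "deny"
    src_hosts: frozenset = frozenset()     # empty -> whole source zone
    dst_hosts: frozenset = frozenset()     # empty -> whole destination zone
    comment: str = ""

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        if zone_of(src_ip) != self.src_zone or zone_of(dst_ip) != self.dst_zone:
            return False
        if self.src_hosts and src_ip not in self.src_hosts:
            return False
        if self.dst_hosts and dst_ip not in self.dst_hosts:
            return False
        return not self.ports or dport in self.ports


# Rules are checked top to bottom; the first match wins.
POLICY = [
    Rule("WAN", "DMZ", frozenset({80, 443}), "allow",
         comment="public booking site"),
    Rule("DMZ", "LAN", frozenset({5432}), "allow", dst_hosts=frozenset({DB_HOST}),
         comment="web server -> database port only (assumed port 5432)"),
    Rule("LAN", "POS", frozenset({3389}), "allow", src_hosts=MGMT_PCS,
         comment="named office PCs -> POS back office (assumed port)"),
    Rule("POS", "WAN", frozenset({443}), "allow",
         comment="terminals -> card processor over TLS"),
    Rule("LAN", "WAN", frozenset(), "allow", comment="office Internet access"),
    Rule("GUEST", "WAN", frozenset(), "allow", comment="guest Internet access"),
]


def evaluate(src_ip: str, dst_ip: str, dport: int):
    """Return (action, reason) for a new connection attempt."""
    for rule in POLICY:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, rule.comment
    return "deny", "default deny"


def isolated(src_zone: str, dst_zone: str) -> bool:
    """True when no rule can ever allow src_zone to open a connection to dst_zone.

    A static check over the rule list: it catches a stray allow rule
    (for example GUEST -> LAN) before it is ever loaded onto the firewall.
    """
    return not any(r.action == "allow" and r.src_zone == src_zone
                   and r.dst_zone == dst_zone for r in POLICY)


if __name__ == "__main__":
    samples = [                              # constructed connection attempts
        ("10.40.0.10", "10.10.0.5", 5432),   # guest -> database
        ("10.40.0.10", "203.0.113.9", 443),  # guest -> Internet
        ("10.30.0.2", "10.10.0.5", 5432),    # web server -> database
        ("10.30.0.2", "10.10.0.5", 445),     # web server -> SMB on the DB host
        ("203.0.113.7", "10.10.0.5", 5432),  # Internet -> database directly
        ("10.10.0.21", "10.20.0.8", 3389),   # management PC -> POS
        ("10.10.0.30", "10.20.0.8", 3389),   # other office PC -> POS
        ("10.20.0.8", "10.10.0.5", 5432),    # POS -> hotel database
    ]
    for src, dst, port in samples:
        action, why = evaluate(src, dst, port)
        print(f"{src:>12} -> {dst:<12}:{port:<5} {action:5} ({why})")
    for z in ("LAN", "POS", "DMZ"):
        print(f"GUEST isolated from {z}: {isolated('GUEST', z)}")
```

The point of the default deny at the end of `evaluate` is that the requirements in the question ("guests have no possibility of reaching my internal network", "the POS on a separate network") are met by what is not listed rather than by extra deny rules; `isolated` makes that property something you can assert on the rule list itself, so a later edit that adds a GUEST-to-LAN allow fails the check instead of silently opening the office network.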
 

Author Comment

by:ri95
ID: 35026461
thanks for your answer -

I want to be secure going in and out.
I want the Posi on a separate network.
I want the guests to have no possibility of reaching my internal network.
There are no other hotels, just management coming in.
On the web server - it connects to the hotel server database to verify availability and it is the hotel database which processes the credit cards for the reservation system.
0
 

Author Closing Comment

by:ri95
ID: 35032717
Quick answer also.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35033607
Curious. I guess I thought you wanted a discussion. I see you wanted something simpler. Wished I hadn't spent so much time going through your question and responding. You might consider in the future putting that up front in your question so other experts don't waste their time on your question.
0
