Solved

A good plan for a secure network setup

Posted on 2011-03-02
7
541 Views
Last Modified: 2012-06-21
I have a hotel, with a Positouch System for the restaurant area which takes credit cards on about 6 terminals.
Plus a hotel network of computers which tie into a web-based reservation system. The web-based system allows for on-line bookings and payments. We have the server on premise, it ties into another server for local access to the database. The Possi system uses one Credit Card Processor, connecting by Internet (with a fail-over dial-up). The hotel reservation system uses another provider - which is handled via the web.

I also maintain a wireless system for the guests.

I think I need a Netgear Router in bridge mode to connect to the Internet and link us via a switch for the hotel network (on a different sub net).
Another NetGear router to connect the Possi system to - which in turn connects to the bridge.

I need to be able to access the Possi system from at least two or three hotel computers...I think I can do that with router settings.

I think I want a VPN to access an internal computer from Florida and 30 miles away.

I need to have LogMeIn on the accountant's PC so he can log in for accounting.

I need the web server connected via a separate router - then to the bridge.

I need the wireless on its own sub net and connected to the hotel LAN for Internet service using its own DSL line (shared by one other computer).

Does this sound right?
0
Question by:ri95
7 Comments
 
LVL 9

Accepted Solution

by:
rawinnlnx9 earned 500 total points
ID: 35024006
You need just one router for this and one managed switch. The router will govern all of your WAN->WAN, WAN->LAN, LAN->WIRELESS, etc... rules and permissions by creating Network Objects which are groups of IP addresses or MAC addresses and applying permissions to them. You will need a switch for each subnet that comes out of the managed switch. LogMeIn will work without any trouble as it uses port 80 and 256-bit encryption so no other security is needed for that. If you want super secure you make all the computers connect via VPN into your protected server and you isolate it (on the managed switch). The wireless can be handled by a good router as well. I highly recommend you go here: http://www.sonicguard.com/TZ210Wireless.asp and check out the appliance I link to. It's spendy but it is extremely secure and very good at what it does.
0
 

Author Comment

by:ri95
ID: 35024057
Thanks - I have tried working with Sonicwall and found it difficult...don't you think NetGear has good units?
0
 
LVL 8

Expert Comment

by:nwtechdesk
ID: 35024114
I've seen too many Netgear routers and switches fail. Start with quality switches like HP Procurve and consider the Sonicwall as a good choice but a lower end choice. The Sonicwall is easy to work with if you use their built-in wizards. Fortinet would be a better solution but it may not be in the budget.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35024340
i'm not sure i would rank the sonicwall on the lower end choice. in the end, it's how it's configured that makes the difference. but, you should get what you believe will be reliable and will be easy to work with. i would actually consider netgear to be a lower end choice, but that's me. HP makes good switches. i have a radiology group with two NSA 3200 in HA mode. i have about 15 site to site vpns connecting to a plethora of routers, cisco, juniper...even a linksys. we don't have any issues with the hardware. we've deployed an ssl-vpn appliance used to implement user VPN connections.

my comments to your question specifically:

I have a hotel, with a Positouch System for the restaurant area which takes credit cards on about 6 terminals.
Plus a hotel network of computers which tie into a web-based reservation system. The web-based system allows for on-line bookings and payments. We have the server on premise, it ties into another server for local access to the database. The Possi system uses one Credit Card Processor, connecting by Internet (with a fail-over dial-up). The hotel reservation system uses another provider - which is handled via the web.

**since you have your internet web server tying into an internal database, i'd put the web server on a DMZ and open the appropriate ports back to the database. it's best practice anyway.

I also maintain a wireless system for the guests.

**sonicwall does wireless guest services well. although, i've never been impressed with the guest authentication methods. of course, i've not implemented it with their NSA models...only the Pro Series models.

I think I need a Netgear Router in bridge mode to connect to the Internet and link us via a switch for the hotel network (on a different sub net).
Another NetGear router to connect the Possi system to - which in turn connects to the bridge.

**Why? What type of security are you wanting to implement here? i can see different subnets, but don't understand the bridge mode configuration. the sonicwall has different interfaces that allow you to create different subnets and create firewall rules to filter traffic.  is this the direction you were thinking? with a decent L3 router, you could implement VLANs and access control lists to do the same thing if you didn't want the sonicwall.

I need to be able to access the Possi system from at least two or three hotel computers...I think I can do that with router settings.

**How are the hotels connected..MPLS, site to site VPN, what?

I think I want a VPN to access an internal computer from Florida and 30 miles away.

**I'd implement the VPN at the firewall...sonicwall, juniper, watchguard, cisco...

I need to have LogMeIn on the accountant's PC so he can log in for accounting.

**If you have a firewall that supports VPN, then you can use a secure VPN connection with RDP.

I need the web server connected via a separate router - then to the bridge.

**Why? I'm going to reference here my comment above regarding the DMZ.

I need the wireless on its own sub net and connected to the hotel LAN for Internet service using its own DSL line (shared by one other computer).

**Why?
0
 

Author Comment

by:ri95
ID: 35026461
thanks for your answer -

I want to be secure going in and out.
I want the Posi on a separate network.
I want the guests to have no possibility of reaching my internal network.
There are no other hotels, just management coming in.
On the web server - it connects to the hotel server database to verify availability and it is the hotel database which processes the credit cards for the reservation system.
0
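The requirements listed in the comment above, combined with the DMZ and firewall-rule suggestion made earlier in the thread, written as a default-deny rule set and checked against a flat network. This is an added example, not something posted by any participant; the subnets, host addresses, ports and zone names are all assumptions, since the thread gives none.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed addressing plan: the thread names no subnets, hosts or ports.
ZONES = {
    "pos":   net("10.10.10.0/24"),   # restaurant POS terminals
    "hotel": net("10.10.20.0/24"),   # front desk PCs and database server
    "dmz":   net("10.10.30.0/24"),   # public reservation web server
    "guest": net("10.10.40.0/24"),   # guest wireless
    "vpn":   net("10.10.50.0/24"),   # remote management VPN clients
}
DB, DB_PORT = "10.10.20.5", 1433             # assumed database host and port
POS_ADMINS = ("10.10.20.11", "10.10.20.12")  # hotel PCs allowed to reach the POS
RDP = 3389

# Rule: (source net, destination net, destination port or None for any, action).
SEGMENTED = [
    (ZONES["dmz"], net(DB), DB_PORT, "allow"),
    *[(net(pc), ZONES["pos"], None, "allow") for pc in POS_ADMINS],
    (ZONES["vpn"], ZONES["hotel"], RDP, "allow"),
]
FLAT = [(net("10.10.0.0/16"), net("10.10.0.0/16"), None, "allow")]

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, rule_port, action in rules:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

# Flows derived from the requirements stated in the thread.
REQUIRED = [
    ("guest cannot reach POS",          "10.10.40.23", "10.10.10.2", 445, "deny"),
    ("guest cannot reach hotel LAN",    "10.10.40.23", DB, DB_PORT, "deny"),
    ("web server reaches DB port",      "10.10.30.10", DB, DB_PORT, "allow"),
    ("web server blocked on other DB-host ports", "10.10.30.10", DB, RDP, "deny"),
    ("web server cannot reach POS",     "10.10.30.10", "10.10.10.2", 445, "deny"),
    ("named hotel PC reaches POS",      POS_ADMINS[0], "10.10.10.2", 445, "allow"),
    ("other hotel PC cannot reach POS", "10.10.20.50", "10.10.10.2", 445, "deny"),
    ("VPN client reaches hotel LAN",    "10.10.50.7", "10.10.20.30", RDP, "allow"),
]

def audit(rules):
    """Return the requirement names the rule set violates."""
    return [name for name, s, d, p, want in REQUIRED if decide(rules, s, d, p) != want]

if __name__ == "__main__":
    for label, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(label, audit(rules) or "meets all requirements")
```

The same table of required flows can be re-run after every firewall change to confirm that guest and DMZ traffic still cannot reach the POS or hotel subnets.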
 

Author Closing Comment

by:ri95
ID: 35032717
Quick answer also.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35033607
curious. i guess i thought you wanted a discussion. i see you wanted something simpler. wished i hadn't spent so much time going through your question and responding. you might consider in the future putting that up front in your question so other experts don't waste their time on your question.
0

Question has a verified solution.
