Hi everyone, I need help choosing the best topology for my soon-coming home network (more like a room network). I have the topology designed, but I need someone who is a professional/expert to verify and/or improve the overall security of the network. I will be using only Cisco devices, as it will help me to practice on them in the future and they make quality hardware.
Anyway, all I want is a network that will have a NAS drive, 3 IP cameras (paranoid + cautious) and a firewall.
The security of my NAS drive is the utmost priority; the cameras are there to help me see what is happening inside the vault (more like a room with bomb-shelter-thick walls and an industrial-grade door) and sleep better when I'm not home (happens a lot). Money is not an issue, it's the security that is. (Got some people that are not very happy with my work and will go through a great deal of trouble to get to my work.) I will be accessing the drive all the time, so it has to stay available all the time. Hence the UPS drives and hence the security.
Many people said that having a separate firewall, router, and switch is the best setup you can get in terms of security, and other people said exactly the opposite. Please clear up the confusion.
Re: Need help on topology design
8 years 3 weeks ago #35108
You seem to have a keen interest in security, so the setup you have there is just what you need. But I must say that those are just pictures; what matters most is the configuration done on the equipment. Using the configuration, an expert can then tell you if your network is secure or not. Post a config similar to what you will configure on your router, switch & firewall, then we'll know if you're good to go.
However, you seem to have protected yourself from outside attacks; what if someone were to physically access your equipment from your home? Have you thought about that?
Passwords, Passwords, passwords.
8 years 3 weeks ago #35112
I got 12 password sets, each different from the others. Each set contains a BIOS password, user login password, admin password; firewall, router, switch, cameras all get different passwords. They vary in length because of the different limitations of programs (example: in the BIOS you can have a password that is a maximum of 8 characters - Award BIOS). Passwords rotate each month, and every year gets 12 new sets.
Been doing that for years now, no one can access that; hell, I can't access that if I'm coming back from a party drunk (48 numbers are still not your ordinary password and are hard to remember even when you are sober) (probably a good thing). The NAS drive will get the utmost security: 24 password sets that are, again, rotating every 15 days, and new password sets each year. (I couldn't get the biometric scanner because I won't be there all the time and I don't want anyone to chop my finger off to get access - heartbeat-sensing biometric scanners are VERY expensive.)
Oh, and did I mention the bomb-shelter 3" thick steel door?
In terms of security management I've got almost everything covered. I will get a vault to store the passwords inside - coded so only I will understand the code. The vault is a custom-made vault with an RFID chip reader (works on 134 kHz, so I have to get very close to the vault for it to open). The challenge is the logical network security in terms of firewall flaws.
Are there any IOS Switches that are 16 ports and are 19" Rack standard? Can you recommend a good firewall (again, 19" Rack)?
Re: Need help on topology design
8 years 3 weeks ago #35116
You mentioned you wanted to use Cisco kit so you could practice on it? Which I am guessing means you're not too confident on the setup of this equipment?
Firewalls are not just plug and play; you need to know what you are doing to set them up. So given the lengths you have gone to to protect yourself from internal attack, why don't you get a professional in to configure it for you? The topology looks OK, but as someone else has mentioned, your config is going to be your weakest point if not done correctly.
Cisco SGE2000 does not have a CLI, it is web based, as it is classed as a small business express switch, if you want to study for your CCNA, then you are better off avoiding this.
Depending on your budget, I would go for something like the 3560 or 3560G (this way you could get rid of the router, as this is a multi-layer switch and could do all your routing for you).
The 2901 does have the IOS on it, so it can be managed from the CLI.
The difference between the ASA and PIX is quite vast. To start with, the PIX is discontinued, but will cost you about 1/4 of the price of an ASA. The ASA is a lot easier to manage and has a lot more features.
Also, make sure your instructor knows what they are doing; the CCNA Security doesn't actually cover any firewall configuration, that is all done at the CCSP level (that's not to say they won't know what they are doing, but don't make assumptions based on their certifications!)