Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Network Topology

  • Filter
  • Time
  • Show
Clear All
new posts

  • Network Topology

    Ok this one kinda sits within a few different areas so apologies if its not posted in eth correct place.

    We currently hold a load of "sensitive" data for our clients which we have to have quite stringent controls on. We also have other company data which isnít as sensitive. We have x3 different domains based across x3 different sites. We have been tasked with a re-design of the network so the users who donít have access or need access to the sensitive data have less restrictions on their day to day lives (use of usb drives, access to webmail etc etc..). On top of this we are moving all out services to a data centre.

    The end goal is to have x1 domain for everyone in Europe which encompasses the above.

    My first thought was to duplicate the network setup so we have x2 networks with the same services / systems on and keep them on different ip ranges / vLans. Or create a sub domain for the client data so the security would be based on windows authentication.

    Obviously if we do this its going to mean we have to have x2 of every server (x4 for redundancy) which is going to get expensive. If we did this wow

    We predominantly user Citrix as the environment where we work the sensitive data so we would have to have x2 Citrix farms.

    At some point I think we wood have to have a cross over with some servers talking to each other like exchange.

    Does anyone else have any thoughts on how to achieve this?

  • #2
    Re: Network Topology

    AppGate Security Server

    This looks like it could be a contender along with segregating the network using VLANS & segmentation


    • #3
      Re: Network Topology

      What security requirements do you have is the big question. I can do segmentation of traffic with VLANS and access control lists but that approach requires alot of hands on planning and configuration. Dot1x authentication at the switch layer is another good tool, but your switches have to support it and you need at a minimum a radius server.

      Best thing you can do is get a policy on paper or diagram of what your trying to accomplish, what equipement you will need etc and start there. Good planning and implementation will save your tons of headaches.
      CCNA, CCNA-Security, CCNP
      CCIE Security (In Progress)