Greetings all. I am working on a project to increase the security on a
small LAN (less than 20 users). This LAN has a live connection to the
internet via a 56Kb Frame Relay pipe.
So far the requirements are to set up an internal web server that can't be
accessed from the Internet, to prevent SNMP scans from the Internet, to
prevent Telnet from the internet, and to prevent IP Spoofing. There is also
a requirement for reporting break-ins to a syslog server. An external web
server and FTP server will also be setup running NT 4.0.
I've been looking at using private addressing on the LAN with a NAT between
the LAN and a DMZ. The NAT will be a Cisco 2500 running their new 11.2.1
release. There will also be a Cisco 2500 between the Internet and the DMZ.
I will be using the Cisco's as network layer firewalls by using extended IP
Access lists.
Are there any application layer firewalls out there that would be usefull
for a small LAN such as this? Can anyone recommend a few to look at? Does
the above plan sound coherent?
Also, in an unrelated request, does anyone know of a good Windows NT mailing
list or perhaps a place that holds a list of mailing lists?
Thanks,
Irwin Lazar
Network Evolutions, Inc.
Follow-Ups:
|
|
