New network design, advice please

Special Ops

p { margin-bottom: 0.21cm; } Ok am designing a network from scratch for a small business handling personal information.low level mobility but confidentiality is important.



One main center one office and six smaller centers.


Here's what i have so far. All smallers centers have laptops. Whole drive encryption on each laptop for prob;ems with possible theft. VNC software for updates and trouble shooting. Not sure about VPN to main server as i like the look of web based interface to a cloud server (advice).


Main center will have server for backups and centertralised data storage. Wifi network is in place security is WPA, all access points have a static IP address. Also looking at putting a pfsense firewall/VPN unit in for VPN connections and NIPS will be using Snort. Office will have a smaller backup rig, office work and center work do not overlap. May include VPN for those moments when access is needed.


Spybot
avg anti virus
truecrypt for the whole drive encryption
pfsense on freeBSD
all machines running windows 7
server ubuntu
VNC open to suggestion but must be able to run remote, I hear VPN and VNC are not great together. Logmein is a choice but I run ubuntu and would like to use something that works with both. may be open to dual boot but dislike windows.



All suggestions or comments welcome as I haven't done this level of project before


thanks :cool:

longshotvalue

Whatever you do dont use AVG, its really bad.. shockingly slow

VNC will be unusable over VPN.. Logmein will be a lot better or RDP even better again..

A linux server and a load of free software spells trouble for me anyway.. Good luck with it tough..

Kinetic^

Spybot is also terrible, has slipped in the last couple of years.

rolion

What type of IT budget you have for the project OR you're going for a tender/quotation !?


Qs:

1.how many laptops/users in the remote offices?
2.is it VPN to main office or link to cloud we talking here !??
3.forget the VNC,how do you open the firewall ports for each laptop !?
4.what type of xDSL lines on remote offices and on main office !?
5what type of firewall you have on remote AND on central office ?
6.forget WPA,get Sonicwall Sonic Point,that uses WiFi on a separate wireless network address,you have 3 zones:WAN,LAN,WiFI (you mention security/confidentiality here...).you can even go a step further and use "open" wifi but only allowed for "VPN over WiFi" traffic !
7.if enough laptops in remote offices,get a sonicwall PRO version for main office,then TZ series for remote ofice and create VPN site-to-site,hub&spoke on a second VPN dedicated SDSL line!
8.if you buy Sonicwall,buy Comprehensive Gateway Security option,is doing all security services at your entrance from WAN to LAN: AV,IDS,IPS,malware,spyware,antispam
9.change AVG to Symantec Endpoint Protection,has 5 modules/layer of protection for client computers.
10.Get SBS2011,get Windows 7 laptops encrypted with Bitlocker,enable and properly configure NAP on server and on laptops.
11.for remote support,there are lots of applications,attended/unattended to use ,better than VNC

more to come here...depending by your budget or price !

good luck

Special Ops

thanks for the replies

have had a lot to think about

on the budget side this is shoestring as its a not for profit and no funding for the fancy stuff.

sonic wall looks great, will do all i need but can't afford it. the pfsense will do the job for a fraction of the price so i'm going with that.

trend micro do an antivirus that can cover the content filtering in the remote centers and the pf sense will manage the main center with wireshark. i know this is a bit more fiddly but there really is very little in the fund.

i'll figure out something on the remote desktop thing to work with linux or will just use logmein on a pc.

the cloud is gone as boss doesn't trust it, i'm lucky to get this much

if any more advice let rip lads,

thanks

the ops;)

PogMoThoin

Kinetic^ wrote: »

Spybot is also terrible, has slipped in the last couple of years.

The immunisation feature is still pretty good, just not the tea timer. I usually install it, immunise and disable the startup entry

rolion

Thanks for update..

I can assist you free of charge if the project is for non-profit !
The only "limitation" that i have is i am not comfortable using "open-source" and/or "free" solutions in a highly confidential business/non-profit environments.

If you looking for someone to work with you,please let me know and i will be happy to help you. Is gonna be challenging and a learning curve for me...

Regards.

Special Ops

thanks rolion fore the offer, this will probably be a long slow process as the company is not tech friendly at the moment. i'll let you know if i need a hand.

thanks

Special Ops

Untangle lite, might just do the job without the steep learning curve, still have a play with pfsense, smaller and faster. i wouldn't be too critical of open source, some of the best stuff out there is open source. unix, linux, freeBSD,snort, nessus. pay for the support and some premium stuff but for the little fella you can top quality for little money.

longshotvalue

If this company are a regestered charity or not for profit org, they can get microsoft and Symantec software for almost nothing..

Well worth looking into..