Your Co's network architecture

What does the network layout of your company (or companies you've worked with) look like? If you were designing a network in a 2 story building for potentially 500 users, how would you plan out the implementation and how would you secure it? What are the high-end products (firewalls, IDS, etc) that you would use and what plan would you implement for a company that wants to secure a network on a very strict budget?

If I told you, I would have to kill you!

If I told you, I would have to kill alpo.

Damn! Those are pretty tough questions to answer with just that info. Not to mention the length of the answers that would be required to address them.

My network is stratcomm, that is almost top secret information.

tycoon - If you're seriously trying to design something like this, let me know and I'll help you out. If this is a homework project, you really should figure it out on your own. Feel free to post what you come up with and we'll look it over. Hunting's right...for these kind of questions to be fully anwered would take quite awhile. Try to ask questions where you're stuck and we'll get you through it.

The building layout has little to do with how you plan on designing the security.

The questions you should be asking is, how many public servers (web, mail, dns, ftp, etc) does the company have, how many restricted/secure servers (who has access to them), is there a different security policy for different departments, wireless networks, etc? So you can segment the network layer properly with the firewall.

For outgoing connections, try to use an application proxy for each protocol you need/can find (HTTP, SMTP, POP3, DNS, FTP, NNTP, etc). For services you can't find a proxy for, then open up the ports in the firewall, and have an IPS monitor the packets that traverse the firewall's open ports.

The more strict your security policy, the more resources you need to enforce it. There is no magic network product that monitors itself, and its up to the admin to monitor all the logs and reports.

good prescription from warez, ttt.

let the network guys figure that out... I hate that shit

are you asking for IPs and enable passwords?

stephen