Guangzhou Technology Venture Capital Co., Ltd. Network Transformation




Network Status

* Internet connection via ADSL and
* A proxy server is in place
* Primary domain controller is Windows NT4.0
* The number of users is about 35
* The current network topology is shown in the figure:



Design

Network Analysis

The main problems at present:
* The remote connection between the Huangpu office and headquarters;
* Data backup every week;
* Network security has not been considered;
* No sound and effective anti-virus system.

Network Strategy

In response to these problems, we offer the following solutions:

1, use a DDN data line with a legitimate IP address, with ADSL as a backup line;
2, use the Nokia IP300 as the network platform for external access;
3, install the CheckPoint Firewall-1 firewall to protect the internal network from hacker attacks;
4, use the encryption module to build the company's virtual private network, giving mobile users secure remote access;
5, implement flow control to guarantee bandwidth for critical applications;
6, install the WINNIN RAS2600 remote access server, which supports call-back for fixed and roaming users;
7, back up data with ARCserver 2000 backup software;
8, upgrade the existing operating systems and configure them to be easier to manage, improving office efficiency.



Detailed design
According to an International Data Corporation survey in 2000, the most critical network security issues are as follows:

* Unauthorized access (hacker / vandal attacks) 21%
* Preventing malicious code attacks (including viruses) 17%
* E-mail security 15%
* Remote access security 14%
* E-commerce security 8%
* VPN security 7%
* Single sign-on 6%
* Other 7%

The company's network currently has similar problems (such as remote connection and security). The problem we have to solve is how to make full use of the network's capabilities while, given remote connections and Internet access, protecting the network infrastructure from internal or external malicious threats such as service interruptions or hacking.

The design principles followed are: openness, standards, flexibility, advancement and scalability.

1, DDN for the data line

* Compared with traditional analog leased lines, DDN service has many advantages: high transmission quality, low latency, and a communication speed that can be chosen according to user needs. Automatic rerouting ensures high circuit availability. Transmission is fully transparent and can support data, image, voice and other multimedia services.
* A legitimate IP address can be obtained;
* This is the key to implementing the other applications.

2, Nokia IP330 as the network platform

* Because the Nokia IP330 integrates router and firewall in one unit, the firewall deployment does not need a separate Internet or Intranet access router;
* It comes preloaded with Checkpoint FireWall-1 firewall software;
* Configure routing so that the DDN line is the trunk line and the ADSL line is the backup.

3, install a firewall at the gateway and establish a virtual private network

* The Huangpu office and mobile users can visit the company's Internet site, and data transmitted over the public network is encrypted automatically, so there is no fear of it being stolen;
* Protect the internal network from hackers.

4, bandwidth management to guarantee mission-critical applications

* In enterprise networks, users often feel that the bandwidth they lease is out of proportion to the bandwidth they can actually use, so where is the bandwidth being wasted? Because Internet application protocols compete with one another, multimedia applications (such as RealAudio) often occupy more bandwidth than other applications. A simple approach is to add more bandwidth, but this is not an effective remedy, because the various Internet applications will occupy the additional bandwidth in the same way. Managing bandwidth differently for different applications is therefore the key to solving the problem.

5, configure the remote dial-up access server

* Use the WINNIN RAS2600 as the access server, which integrates 16 V90 56K modems in one unit;
* Enable call-back security for fixed and roaming users, so that remote office work is done securely.

6, backup system and proxy server

* Use the original Novell NetWare security server as the backup server, saving investment;
* Install Windows 2000 Server and ARCserver2000 for automatic data backup, which can go either to tape or to disk; this proposal recommends tape backup, with an HP tape drive installed in this machine;
* Install the Microsoft ISA2000 proxy, which caches files retrieved from the Internet to improve Internet performance;
* The server can also be used as the management client for the Checkpoint and Nokia products.

7, upgrade the existing operating systems

* Upgrade from Windows NT4.0 Server to Windows 2000 Server;
* Upgrade the desktop operating system from Windows 98 to Windows 2000 Professional;
* Make the system more stable and easier to maintain and manage.

8, install an anti-virus wall on the Nokia at the gateway

* The Internet has now become the main way viruses spread; an anti-virus wall at the gateway removes viruses before they enter the internal network;
* Webshield for Nokia is the world's leading anti-virus wall;
* Virus signatures are updated online automatically, to guard against interference from new viruses.

9, why still use the Checkpoint firewall when the network already has the original IP firewall?

* The network's IP firewall is a packet-filtering firewall that inspects only up to the third layer of the network (i.e. the network layer) and filters on IP addresses; it has no encryption module, so a virtual private network cannot be implemented;
* Checkpoint, with its proprietary stateful inspection technology, is the firewall market-share leader, with 41% of the international firewall market; in May this year, Checkpoint officially entered the Chinese market;
* The Checkpoint firewall can inspect up to the seventh layer of the network (i.e. the application layer) and can defend against more attacks, giving high security;
* Checkpoint has a powerful encryption module that can implement a virtual private network, and its unique SecuRemote lets mobile or fixed users reach the internal network via the Internet, with the content transmitted over the Internet encrypted automatically.
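
The difference between filtering on IP addresses alone and tracking connection state, described in point 9, can be seen in a small model. This is an added example, not code from either product: it is a simplified connection table, not Checkpoint's proprietary implementation, it does not model application-layer inspection, and all addresses, ports and names are constructed.

```python
from dataclasses import dataclass

# All addresses and ports are constructed sample values (documentation ranges).
INTERNAL = "192.168.1."              # assumed internal prefix
TRUSTED_EXTERNAL = {"203.0.113.10"}  # assumed external host the address rule permits

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S", "SA", "A"
    inbound: bool   # True when arriving from the Internet side

def address_filter(p: Packet) -> bool:
    """Layer-3 rule: decide on source/destination IP address only."""
    if p.inbound:
        return p.src in TRUSTED_EXTERNAL and p.dst.startswith(INTERNAL)
    return p.src.startswith(INTERNAL)

class StatefulFilter:
    """Same address rule plus a connection table built from outbound SYNs."""
    def __init__(self):
        self.flows = set()  # (internal ip, internal port, external ip, external port)

    def allow(self, p: Packet) -> bool:
        if not address_filter(p):
            return False
        if not p.inbound:
            if p.flags == "S":
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            return (p.src, p.sport, p.dst, p.dport) in self.flows
        # Inbound traffic must belong to a flow an internal host opened.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

TRACE = [  # constructed packet trace
    Packet("192.168.1.20", 40000, "203.0.113.10", 80, "S", False),  # client opens a connection
    Packet("203.0.113.10", 80, "192.168.1.20", 40000, "SA", True),  # matching reply
    Packet("203.0.113.10", 80, "192.168.1.35", 139, "A", True),     # no flow was ever opened
    Packet("198.51.100.7", 4444, "192.168.1.35", 139, "S", True),   # untrusted source address
]

def compare(trace):
    """Return (address_filter verdict, stateful verdict) for each packet."""
    stateful = StatefulFilter()
    return [(address_filter(p), stateful.allow(p)) for p in trace]

if __name__ == "__main__":
    for p, verdicts in zip(TRACE, compare(TRACE)):
        print(p.src, "->", p.dst, verdicts)
```

The third packet is the case that matters: its addresses satisfy the layer-3 rule, so the address filter passes it, while the stateful filter drops it because no internal host opened that connection.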

Based on the above points, we propose a dual-firewall architecture: the Checkpoint firewall faces outward and can implement the virtual private network, the Nokia IP also acts as a router and is configured with the routes for external access, and the IP firewall remains inside the network. This is a typical deployment for many government departments, security agencies and banks.