Cybersecurity

HERE is an IDea of what our serve room looks like. as far as the server racks and the switch racks go. There is more to the room, and more stuff in it but this is the stuff we are talking about. The Modem is T-1 that is our only signal coming into the building for Internet.

DAMN i created the file but i can not insert the image, it is not hosted anywhere. I am going to send it to your Forum box, assuming i can, so you can see what i am working with.

When you get it, you will see our rack. What i would LIKE to do is in the rack put 1 or 2 for redundancy, OpenBSD servers in there, to run the firewalls. Now these will be Xeons with like a gig of RAM so i would almost use them for more than just firewall purposes, but that is just a possibility, i am sure we can get a low end server for this purpose. ALL of our Servers are DELL or worse... (Supermicro). I am encouraging my company to switch to IBM servers or something else. Either way, i will try to send you the file so you can see what we have NOW, and that will help define possible advice for this project.

Sending now.

Apparetly i can not send you a message... SO i will try and see about getting the imagine hosted or something by 12:30.

Here we go. Hosted the picture on Yahoo.



The image itself kind of sucks, i was trying to save space and not take too long as well. Either way it kind of illustrates our problem :-P

As i said, most of the Racks are Dell 1850 - 1U, Dell 2850 - 2U, Dell 6500 6U.

total of 6 Nortel Baystack switches (48 port) 2 nortel Baystack switches (24 ports). All at the top on the switch rack is just our patch panels. They plug directly into the 2 network switches starting form top to bottom.

If you think this is bad, you should have seen it before my bosses started to clean it all up.

I would advise against using your firewall boxes for anything other than firewalling. The more services you run on a box, the more vulnerable it becomes. Your firewalls should be rock solid bastions of defence. As for your rack config, the physical layout of your boxes in the rack isn't really the issue*, it's the logical configuration you should be more concerned with. Don't just focus on your firewalls, take a layered approach to security models and think about all of the traffic, services, users and data that your systems involve.

I can't view the image you posted. I use ImageShack to host images for stuff like this forum, check it out. Post a visio diagram of your network layout (**NO real external IPs/Addresses or other company identifying information!!**) if you can ...

* I won't go into UPS, power & cooling considerations for now.

I would never post that sort of info ;-) As for cooling, no worries, we had a special AC unit installed for the room, it is currently sitting at 71F right now :-) And as for backup power, we have a HUGE mother of a battery. The whole room is on it, it has enough charge to last for over an hour. Bout an hour and a half i think it is.

Rack Image

I can not get the image to embed in the into the post but the link to it is now above.