03-09-2012, 07:59 PM
I am having issues with my advanced security project. Namely trying to figure out which is more Secure: Dynamic NAT or Static NAT, as well as how properly configure them. Before I go into that I'll give an outline of the project. I am to build a secure network that contains a Webserver that must be accessible to the outside world, meaning that you type in its IP address and you go to the site. You must also have a file server as well. After all is done and set up, I am to stop/prevent the other team from getting any classified data off my network, while trying to get classified data off theirs.
Now for the most part I do have a general idea on how I want to set up the network. I also know that I am human and do not know everything. Hence why I am asking for advice/help to secure my network. I'll be typing out a list with the IP addresses / cidr as well as uploading a document that has the general network layout.
-Random Dell Computer
Untangle firewall External IP: 10.20.2.201 /29
Untangle firewall Internal IP: 192.168.1.201 /24
-Cisco 2600 Series Router
Router-A F0/0 IP: 192.168.1.202 /24
Router-A F0/1 IP: 192.168.2.201 /24
Router-A S0/0 IP: 192.168.3.201 /24
-Random dell computer
Web Server IP: 192.168.2.202 /24
-Cisco 2600 Series Router
Router-B S0/0: 192.168.3.202 /24
Router-B F0/0: 192.168.4.201 /24
-Unknown computer
Alpine Firewall IP: 192.168.4.202 /24
Alpine Firewall IP: 192.168.5.201 /24 (Intranet)
-Cisco Switch
Switch
-Random Dell computer
Server IP address: 192.168.5.202 /24
-Various Computers
Workstations IP Range: 192.168.5.203 - 254
Any suggestions would be helpful. And yes, having the IP addresses schema 192.168.(1-5).XXX is not secure. I do intend on changing the ranges when I develop a good schema for them.
Now for the most part I do have a general idea on how I want to set up the network. I also know that I am human and do not know everything. Hence why I am asking for advice/help to secure my network. I'll be typing out a list with the IP addresses / cidr as well as uploading a document that has the general network layout.
-Random Dell Computer
Untangle firewall External IP: 10.20.2.201 /29
Untangle firewall Internal IP: 192.168.1.201 /24
-Cisco 2600 Series Router
Router-A F0/0 IP: 192.168.1.202 /24
Router-A F0/1 IP: 192.168.2.201 /24
Router-A S0/0 IP: 192.168.3.201 /24
-Random dell computer
Web Server IP: 192.168.2.202 /24
-Cisco 2600 Series Router
Router-B S0/0: 192.168.3.202 /24
Router-B F0/0: 192.168.4.201 /24
-Unknown computer
Alpine Firewall IP: 192.168.4.202 /24
Alpine Firewall IP: 192.168.5.201 /24 (Intranet)
-Cisco Switch
Switch
-Random Dell computer
Server IP address: 192.168.5.202 /24
-Various Computers
Workstations IP Range: 192.168.5.203 - 254
Any suggestions would be helpful. And yes, having the IP addresses schema 192.168.(1-5).XXX is not secure. I do intend on changing the ranges when I develop a good schema for them.