Network Plan - Is this secure enough?

  • This is a network plan for my workplace, can you guys spot any problems?

    Here's a quick overview:

    The staff use a db program to process orders on the SQL server. The SQL server is "locked down" and can only be accessed by the staff (limited to certain ports) and me, the admin.
    The wifi and the "dirty computers" can only access the internet and under no circumstances can they talk to other computers on the LAN.

    I want to run samba on one of the staff computers so that one computer can handle the printers and be a WINS server so the staff can access each others shares.

    Unfortunately I'm running Windows XP Pro on all the machines except the SQL server (Win 2003).

    Also would it be wiser to use a Wireless access point or a mini-pci card?

  • Why do you need a secondary firewall? Everything that the secondary fw stops can be stopped at the main router/firewall, unless it is a different kind of machine.

  • We've got one spare so we might as well.

  • If you have a spare machine I would set up a carp cluster instead of having 2 firewalls behind each other. It's less administration too.

  • Unfortunately the spare machine is going to be the NAS server. I could just use a switch etc.

    Anyway, which Mini-PCI card is recommended? I need one which can do b/g and WPA2.

