Re: Newbie Questions

On 28 Jun 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<1151524465.975589.143660@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, nick wrote:

Geoff wrote:

Davide Bianchi wrote

With 50/100 machines you're gonna need more than one.

And you forgot one basic element, one that you can't get away without:
YOU NEED A SYSADMIN, one that can make all that junk run, and keep your
'network' running.

yeah totally
if you have this amount of machines, you NEED to employ someone who knows
what they are doing

Don't misunderstand...I'm not doing this myself. I've just always been
curious. The IT guys at work are hush hush about everything.

If you had to put up with the questions they get, you'd be hush-hush too.

I see a router. I see switches. But no one explains.

Is there some compelling need to know? Nope. You should probably start
with the HOWTOs - and then graduate to the "Linux Network Administrator's
Guide" (from the LDP).

I assume that the router connects to the switch. They have like five
switches with 16 or so ethernet ports. They also have a Cyberguard
firewall, I think it is.

Sounds plausible.

So the firewall just firewalls, and the router does NAT, etc. right?

"That depends". The router could be just connecting to another medium
that connects to the upstream, and the firewall is doing NAT. There
are several ways to do things.

Now onto the proxy server, is there a certain point in a company's size
when they REALLY need the proxy server?

Another great big "that depends". You might use a proxy server to act as
a filtering gateway for your employees to reach the net - filtering meaning
that pr0n sites and other things that expose the company to lawsuits are
not accessible (or this could be implemented by _written_policies_ and
firewall rules, or just the policies and threat of instant dismissal
alone). We run a combination of the two. The company's public facing
servers (mail, web, ftp, and maybe DNS) would be better located at some
bandwidth provider's location or a colo, for security, reliability and

Setting up a company network is not a 'follow the recipe' type of thing,
as one size definitely does NOT fit all. It strongly depends on what
the network is for, how secure it needs to be, what access to/from the
world is needed/desired/allowable. And it's not set up on the whim of
a sysadmin, or the company president - who probably would be hard pressed
to choose between AOL and the local cable service provider (which probably
wouldn't present a good image to the public). Likewise, if there is ANY form
of Internet access, there must be written policies in place BEFORE the
hardware is ordered, not after a disgruntled ex-employee takes the
company to the cleaners over a sexual harassment lawsuit. That also means
running those policies past the official company legal-weasel and getting
his/her blessings.

Old guy
