Saturday, February 10, 2018

ASA Connection/Port Analysis

I'm currently involved in a project where a client wants to redesign the network. They have a private line to our infrastructure, but without any restrictions. The issue they currently have is that their internal network design is a mess; anyone can plug in anywhere and gain access to their servers.

Dividing the network and placing logical restrictions on each grouping is a step in the right direction. The issue is that they use loads of custom software solutions created by specialized vendors. Gathering information from the vendors themselves on how these solutions work on a network level is an administrative hell. So I'm tasked with analyzing the traffic that enters on our end and the connections it carries. Their DHCP servers provide some grouping (LAN-WiFi-VoIP/building scopes).

They would like to create a standard for all firewalls on-site and for the firewall on our end. So I'm looking for a way to analyze all incoming traffic over a specific interface (their MPLS line) and monitor which IPs use which ports. Based on that, we can create a template for access rules that are more restrictive.

What is, in your experience, an efficient way to gather such information and analyze such traffic? I have currently looked at netflow solutions, but there are loads of traffic analyzers out there that may be too advanced for what I'm hoping to achieve. I was wondering whether there are any straightforward solutions. Any tips or experiences on internal network design are also much appreciated!
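One straightforward way to get the "which IPs use which ports" view without a full NetFlow collector is to feed the ASA's own connection syslog (the %ASA-6-302013/302015 "Built ... connection" messages) through a short script that aggregates inbound flows on the MPLS interface and turns them into candidate access-list lines. The example below is added here and is not code from the original post; it assumes a syslog export in the standard ASA 302013/302015 format, an ingress interface named `mpls`, and that source hosts can be rolled up per /24 because each DHCP scope (LAN, WiFi, VoIP, building) is its own subnet. The sample log lines are constructed. Flows seen only once are emitted as `remark REVIEW` lines rather than permits, since a single hit is as likely to be a scan or a misconfiguration as a real vendor dependency.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample ASA syslog lines (not from the original post).
# 302013 = TCP connection built, 302015 = UDP connection built, 302014 = TCP teardown.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 1001 for mpls:10.20.1.15/51234 (10.20.1.15/51234) to inside:172.16.5.10/443 (172.16.5.10/443)
%ASA-6-302013: Built inbound TCP connection 1002 for mpls:10.20.1.15/51240 (10.20.1.15/51240) to inside:172.16.5.10/443 (172.16.5.10/443)
%ASA-6-302013: Built inbound TCP connection 1003 for mpls:10.20.1.22/40011 (10.20.1.22/40011) to inside:172.16.5.11/1433 (172.16.5.11/1433)
%ASA-6-302015: Built inbound UDP connection 1004 for mpls:10.20.3.7/50022 (10.20.3.7/50022) to inside:172.16.5.12/53 (172.16.5.12/53)
%ASA-6-302015: Built inbound UDP connection 1005 for mpls:10.20.3.7/50023 (10.20.3.7/50023) to inside:172.16.5.12/53 (172.16.5.12/53)
%ASA-6-302015: Built inbound UDP connection 1006 for mpls:10.20.3.8/50100 (10.20.3.8/50100) to inside:172.16.5.12/53 (172.16.5.12/53)
%ASA-6-302015: Built inbound UDP connection 1007 for mpls:10.20.3.8/50101 (10.20.3.8/50101) to inside:172.16.5.12/53 (172.16.5.12/53)
%ASA-6-302013: Built outbound TCP connection 1008 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:172.16.5.30/52000 (172.16.5.30/52000)
%ASA-6-302014: Teardown TCP connection 1001 for mpls:10.20.1.15/51234 to inside:172.16.5.10/443 duration 0:00:02 bytes 1200 TCP FINs
"""

# Matches the "Built {inbound|outbound} {TCP|UDP} connection" message shape.
ASA_BUILT_RE = re.compile(
    r"%ASA-\d-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) \([\d.]+/\d+\) "
    r"to (?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) \([\d.]+/\d+\)"
)


def parse_built_connections(log_text, ingress_if="mpls"):
    """Return {(proto, dst_ip, dst_port): {src_ip: hit_count}} for inbound
    connections built on ingress_if. Teardowns, outbound connections and
    other interfaces are ignored; ingress_if is an assumed interface name."""
    flows = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = ASA_BUILT_RE.search(line)
        if not m or m["dir"] != "inbound" or m["src_if"] != ingress_if:
            continue
        key = (m["proto"].lower(), m["dst_ip"], int(m["dst_port"]))
        flows[key][m["src_ip"]] += 1
    return flows


def summarize_sources(src_ips, prefixlen=24):
    """Collapse source hosts into /prefixlen networks (assumed: one DHCP scope per /24)."""
    nets = {ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False) for ip in src_ips}
    return sorted(nets)


def build_acl(flows, acl_name="MPLS_IN", prefixlen=24, min_hits=2):
    """Emit ASA extended access-list lines: one permit per (source scope, service).
    Sources seen fewer than min_hits times become 'remark REVIEW' lines instead of
    permits, and the list ends with a logging deny so anything missed shows up."""
    lines = []
    for (proto, dst_ip, dst_port), sources in sorted(flows.items()):
        confirmed = [ip for ip, n in sources.items() if n >= min_hits]
        review = [ip for ip, n in sources.items() if n < min_hits]
        for net in summarize_sources(confirmed, prefixlen):
            lines.append(
                f"access-list {acl_name} extended permit {proto} "
                f"{net.network_address} {net.netmask} host {dst_ip} eq {dst_port}"
            )
        for ip in sorted(review):
            lines.append(
                f"access-list {acl_name} remark REVIEW: {ip} -> {dst_ip}/{proto}/{dst_port} "
                f"seen {sources[ip]}x"
            )
    lines.append(f"access-list {acl_name} extended deny ip any any log")
    return lines


if __name__ == "__main__":
    for acl_line in build_acl(parse_built_connections(SAMPLE_LOG)):
        print(acl_line)
```

Run it against a few weeks of exported syslog (not a few hours: month-end batch jobs and backup windows are exactly the vendor flows nobody documents) and treat the output as a draft to review with the vendors, not as a finished policy. The final `deny ip any any log` line is what makes the template safe to deploy incrementally: anything the capture missed shows up in the log instead of silently breaking.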
