Security Basics mailing list archives

Re: Secure WAN Setup (Possibly off topic?)


From: "David M. Fetter" <david.fetter () fetterconsulting com>
Date: Fri, 07 Mar 2003 16:04:55 -0800

I would recommend going with a Linux-based firewall solution using iptables. You could then add on freeswan for VPN support, and the whole thing would only cost what you wanted to spend on two systems, one on each end. If you spend even less than what they want you to, they'll probably like you a whole lot. ;-)

P.S. You could use fwbuilder to help build the iptables rules in the event you don't want to do it manually.

Chris Berry wrote:
Our company is considering splitting off one of the divisions into a separate entity at another location. My boss has asked that I provide him with a WAN proposal with recommendations, costs, etc. I know the theory, but I haven't implemented anything like that before. I'd like to solicit comments on how to set this up in a secure, effective manner. Does anyone have any advice, warnings, comments, thoughts, etc.?

To help define the scope of this question here are a few facts:

The main company will be about 40-45 employees at one location, this is where most of the hardware will reside. The secondary company will be between 15-30 min away and employ about five people. The secondary company will have a much more strict security setup than the main organization due to the nature of their work. The budget for this setup is probably less than $5000 though that's still a grey area. I need to decide if both organizations should continue sharing a main database, or if the second organization should purchase their own. I also need to decide if I should stay working for the main company and have them hire me out to the subordinate organization, or recommend that I become a contractor who works for both.
Leased line or Internet VPN?


My initial plan is to set up a server on site at the 2nd location, and use that for necessary services like dhcp, logon, etc. Then create a vpn tunnel through their T1 line to the main location where the file servers, email, database, etc. will reside. The solution will probably involve a mix of Linux and win2k.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Linux and I have a love/hate relationship. I hate its complexity until I figure out how something works, then I love its power."

--
David M. Fetter - http://www.fetterconsulting.com/

"The world is full of power and energy and a person can go far by just skimming off a tiny bit of it." Neal Stephenson - Snow Crash
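
A sketch of the branch-side gateway policy this thread describes (iptables in front of an IPsec tunnel to the main office), added here as an example and not taken from either poster's message. Every address, interface name and port below is a constructed placeholder, and the `policy` match assumes the IPsec daemon uses the kernel's native IPsec stack.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the branch-office gateway.
# All values below are assumptions made up for illustration.
WAN_IF="eth0"                    # assumed: interface facing the T1
LAN_IF="eth1"                    # assumed: branch LAN interface
PEER_GW="203.0.113.10"           # assumed: main-office gateway (documentation range)
BRANCH_NET="10.20.0.0/24"        # assumed: branch LAN
MAIN_NET="10.10.0.0/24"          # assumed: main-office LAN
MAIN_TCP_PORTS="445,25,143,1433" # assumed: file sharing, SMTP, IMAP, database

# Print the ruleset. Default policy is DROP; the only untrusted-side traffic
# accepted is IKE and ESP from the peer gateway, and the only forwarded
# traffic is branch -> main services that will leave inside the tunnel.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $WAN_IF -s $PEER_GW -p udp --dport 500 -j ACCEPT
-A INPUT -i $WAN_IF -s $PEER_GW -p esp -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -s $BRANCH_NET -d $MAIN_NET -p tcp -m multiport --dports $MAIN_TCP_PORTS -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
EOF
}

# Return 0 only if every rule bound to the WAN interface is pinned to the
# peer gateway's source address (no "accept from anywhere" on the T1 side).
wan_locked_to_peer() {
    ! gen_rules | grep -e "-i $WAN_IF " | grep -qv -e "-s $PEER_GW "
}

# Print the ruleset only if the self-check passes.
# To syntax-check on a real host: sh this_script | iptables-restore --test
wan_locked_to_peer && gen_rules
```

Because the only new forwarded connections allowed are branch-to-main, the main office cannot initiate sessions into the stricter branch network; the FORWARD rule also fails closed if the tunnel is down, since unencrypted packets do not match `--pol ipsec`.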

