Secure VPN / Proxy / Mail server - how much does it cost?

Status
Not open for further replies.

celens

Technical User
Jul 24, 2007
3
BE
Dear All,

I first want to apologise for using this nice web site dedicated to technical people, as I am not responsible for tech matters but rather for purchasing and budget within my company. Please help anyone...

Due to recent security problems, my Direction is requesting from me a quick budget estimate for the following solutions (an average, of course, as I guess it really depends on the product and options).
Note: this concerns a network of about 200 nodes, 2 offices.

- Internet : firewall, proxy/cache, virtual Network
- Local Network Management : DHCP, LDAP
- incl. Wi-Fi access point
- VPN (office 1 to office 2)

or

- Secure Internet Gateway
- Connection sharing
- Integrated Firewall
- possible Proxy/cache
- wireless access point

also

- mobile VPN (for users working outside of the office)

- Mail server with antivirus, antispam, trojans...

- Backup to data center (encrypted transmission)

It all needs to be encrypted and secured as much as possible... but I am not looking for a Rolls-Royce either :-)



Thank you in advance for any information

Kind Regards

Christophe





 
The first question I would ask is if you have some sort of budget constraints.

What you want to accomplish can be approached in a few different ways. Well, a lot more than a few.

I would suggest talking to a person in your IT department about what they suggest. Going out and buying the best equipment without someone internally able to support it can cause serious security risks, not to mention if you have to hire an outside consultant to come in and set it up for you.

Are all your end users using Windows?

Do you wish to have people access core resources via the access point? (Not too safe, can't rely on WEP, WAP, etc.)

Connection Sharing? Load Balancing multiple ISPs?

Do you need the integrated functionality of an Exchange server?

Mobile VPN, I would suggest getting mobile users secure tokens.

Do you have centralized authentication or is it just one big workgroup?

The list goes on.

If you do not have the people on site to guide your company in the best direction, I would either hire a consultant or maybe start soliciting proposals from companies that do this on a regular basis.

I wish I could rattle off a list of things to buy, but this needs to be a thought-out project.









Gb0mb

........99.9% User Error........
 
Thank you very much for your kind reply which seems already
interesting, from what I know.

I do not know if you will read this but I am going to reply
shortly to these questions in the case that someone can provide me some market price information.

Our IT Dep is currently being reorganized and our Direction is, for the time being, willing to outsource the project, so that our IT colleague would be involved but not leading the new projects.

- the majority of end users are using Windows... but not only.
However, this situation is not logical and Windows should be used by 100% of our end users in the near future.

- access to information from the access point should ideally be restricted, depending on the users (shared in different levels of access)

- We would like to centralise the authentication


I can unfortunately not answer all the questions as it is getting too technical for me and I do not have the answer so far.

In a few words, what we are looking for today is a secured but user-friendly package... the details will probably depend on what we can get for a reasonable budget... but I still do not know what would be a reasonable budget for this, and I do not want to ask this question to consultants' sales representatives without having a first objective opinion :-)


Kind regards

Christophe





 
I would not hesitate to question consultants. At least a few of them. Then take their quotes and search the items through Google or other price sites to see who is trying to make a killing off selling you hardware. Also, I know that as a business-minded person you go with the lowest bid. For IT work, saving a few thousand could cost you tens of thousands.
Go with a company that is reputable and can provide references from other happy customers, even if it costs a decent bit more.

If you are going to outsource this project I would probably look for a Microsoft Solution.

I am torn because I am a Linux/BSD person and it unsettles my stomach to recommend Microsoft. However, I think it will be an easier transition for you.

Standard Microsoft practice I think would suggest that you need two domain controllers.

The next thing I can think of is your mail server. It is a tough call. You can pay a lot for Exchange. If all you wish is to have email, then I might suggest a Linux/BSD alternative. If you want the functionality of shared calendars, unified messaging, and all the bells and whistles of Exchange, then go for Exchange.

For your firewalls you have a lot of choices. You can make a BSD routing stateful firewall for very little money.

However, most companies seem to feel that they need a name-brand piece of dedicated hardware. I get the feeling your company will also. So I would suggest:

Cisco ASA 5510 Firewall for each site. You can buy add-on antivirus and spam filtering services. It will easily handle your mobile VPN users also. I think it also allows you to set up a direct IPSEC tunnel between sites. I cannot see why it wouldn't. (I have never done it, so I am not saying it does.)

For your Wifi I would suggest that you make all users who connect via Wifi use the VPN as though they were actually coming in from the internet. Wifi is a big security risk.
If all you wish is for your Wifi users to have internet access with no access to your internal network, then making them VPN would be slight overkill.

If you go with a complete Microsoft setup, they have a product called ISA Server. I know that it offers proxy features and is a firewall. It will also proxy your OWA (Outlook Web Access, aka web mail). I have read opinions that the ISA is a questionable product. I am not sure either way on it. You would need to research it and form your own educated opinion on the product.

For local network management, DHCP, LDAP and so on, your Windows Domain controllers will provide that plus DNS and a few more services.
If in the future you look to include Linux or BSD servers, desktops, etc. and wish to bring them into the loop, I use a Samba Server to authenticate into an Active Directory. I hear that Samba 4 will be out soon and that it will take the integration to another level. Also that it will be a competitive free alternative to Windows.


Please note I am not a Windows/Microsoft person. I am just offering advice on those products from the limited experience I had with them.

If I were to approach this, I would build everything on OSS.
I would keep the Cisco devices on my list, as I am a Cisco fan boy. It is not because Cisco is more secure than other things; it is that it is a very common appliance in many organizations, and the more familiar I am with it the more marketable I am.

One other thought,

For the amount of money it would cost you to hire a consultant to deploy a Microsoft infrastructure you probably could direct hire a person to do it open source for you for a year if not more...lol well maybe.

Good Luck.




Gb0mb

........99.9% User Error........
 
Thank you so much for spending your time on my question.

Your information will surely help me.


Kind Regards

Chris
 
It is a lot of work for someone who is a technical person. So I wish you the best of luck.



Gb0mb

........99.9% User Error........
 