Opened on 02/06/2015 at 01:32:17 PM
Closed on 08/26/2015 at 01:22:35 PM
#1962 closed defect (fixed)
Develop a new network scheme
| Reported by: | matze | Assignee: | fred |
|---|---|---|---|
| Priority: | P2 | Milestone: | |
| Module: | Office-IT | Keywords: | |
| Cc: | | Blocked By: | |
| Blocking: | #1961 | Platform: | Unknown |
| Ready: | no | Confidential: | no |
| Tester: | Unknown | Verified working: | no |
| Review URL(s): | | | |
Description
In order to divide our internal network and further improve on security and performance, we first have to create a concept or draft of the target layout. This must include all of the following:
- Reasons and motivation for re-structuring
- Definition of the exact requirements
- Description of one or more possible solutions
- Recommendation for either one, incl. rationale
Also, please make sure to incorporate some information on the current network hardware and try to re-integrate it with the new concept.
Change History (3)
comment:1 Changed on 02/09/2015 at 10:14:04 AM by fred
comment:2 Changed on 03/09/2015 at 12:42:58 PM by matze
The current status of the concept is tracked in its own Google Docs folder.
comment:3 Changed on 08/26/2015 at 01:22:35 PM by matze
- Resolution set to fixed
- Status changed from new to closed
- Tester set to Unknown
- Verified working unset
Since the network scheme has already been agreed on and we in fact have applied many of the modifications already, I consider this ticket complete. Further adjustments may follow, however, but that's to be expected during operation anyway.
Reasons and motivation for re-structuring:
The current Eyeo office network (LAN) is kind of a “wild-west” environment where no defined security level can be established because there is no one establishing and enforcing security rules. That is okay from a user’s point of view because no one gets limited in how they set up and use their devices (computers, smartphones, etc.).
But from a company perspective this is probably not so great because it comes with some risks:
Why is the current LAN not secure?
Such infected devices could be used for hacker attacks from the inside (circumventing the firewall) and currently can directly communicate with, and therefore attack, other users’ devices, servers and infrastructure components (phone system, switches, routers, printers).
Results could be:
Suggested solution:
A separate secure / managed network would only allow access to defined devices that are known to be safe because they are
Also, all devices in the “secure network” could be subject to regular (automated) vulnerability scans and/or manual inspections.
An IDS (intrusion detection system) could further enhance the security of that secured network.
Certain types of devices (e.g. smartphones which are also used for private use) would not be permitted on the secure network at all. (They can still be used on the unmanaged network as before.)