This section explains how Tom determines his needs, and plans, designs, and implements a firewall with VPN. Tom learns more about the available features, differences in firewall technology, and costs of different vendor solutions. Tom proceeds by:
■ Determining the requirements.
■ Analyzing the existing environment.
■ Creating a preliminary design.
■ Developing a detailed design.
■ Implementing the firewall with VPN and modifying the network.
www.syngress.com
Case Study: SOHO (Five Computers, Printer, Servers, etc.) • Appendix B 241
[Figure: diagram of the existing network, labeled Internet, DSL Router, Desktop, Desktop, Children’s PCs, Fileserver, Printer]
Tom begins his investigation by:
■ Determining the functional requirements of his family and business.
■ Talking to local user groups for recommendations.
■ Drawing a physical map of his home.
Determining the Functional Requirements
The users of the network are Tom, his wife, and their children. Tom and his wife both use the Internet for recreational purposes, and for the home business. His children use the Internet for school projects, and gaming. Tom works with his family to define expectations of the home network.
Determining the Needs of the Family
Although Tom’s wife sees the benefits of separating the children’s PCs from the home office, she is worried that she won’t be able to get the access she needs to the Internet. She also doesn’t see how she will be able to supervise the kids’ browsing habits.
The kids aren’t sure how they will be able to print their school papers, and are concerned that a firewall will adversely affect the bandwidth that is available for their gaming. They are excited about having the computers in their own space.
Tom plans to buy his wife a laptop to facilitate her working remotely and watching over the kids, and a printer for the kids to print their schoolwork. Tom is considering either running a Web server and e-mail server locally, or paying for hosted services. This limits his budget for modifying his network to include a firewall to $200.
Talking to Local User Groups
Tom has heard of the local user group BayLISA, a group of system and network administrators ranging in skill levels. The group meets once per month to discuss issues related to their professions. It can also be a social atmosphere. Tom decides to e-mail the group with a detailed description of his problem. He registers with the BayLISA group by sending an e-mail to the mailing list manager majordomo@baylisa.org with the body “subscribe baylisa”. He follows the verification mechanism. After watching traffic for a few days, he submits his request.
Tom receives a number of responses to his query and notes all of the information. He categorizes product recommendations and experience separately from the general comments about his problems. Many users recommend he use a hosted site, as he does not have the expertise to manage a Web or e-mail server. He could accidentally expose all his private files with the Web server, and expose his business network to more vulnerabilities by having incorrectly configured or unpatched servers.
He is reassured that the process of setting up a wireless network is painless, so he can move his children’s computers out of the office. Additionally, although he could set up a firewall on a Linux- or Unix-based system, he doesn’t have the finances to spend on the hardware, or the expertise to support the OS, applications, and firewall tuning that would be required. He is better off purchasing a firewall appliance; he just has to remember to update it regularly.
Creating a Site Survey of the Home
Based on his preliminary investigations and guidance from the user group, Tom comes up with the following design considerations:
■ He needs to purchase a firewall with VPN capabilities.
■ He needs to purchase a wireless access point to connect the laptops and children’s systems.
■ He needs to purchase two wireless cards for the children’s desktop computers.
■ He needs to invest in a hosted service plan that will allow him to have a personalized Web site and e-mail address.
The next step is to analyze the existing environment. This includes:
■ Identifying current technology options and constraints.
■ Investigating the costs.
■ Weighing the costs and benefits of each solution.
Tom determines that the broadband access is used in equal amounts for business, school, and entertainment content. He determines the second printer for the kids is a good choice, as it will limit the access the children need to the office network. He also determines that he does not want the Web server and e-mail server affecting the family’s bandwidth, so he has decided to remotely host these services.
Tom’s existing network is very simple. The broadband service is delivered to the house from a DSL modem. From the modem, the service is wired to the PCs via a cat 5 Ethernet cable. The printer is a peripheral of his main business PC via the PC’s serial port. It is shared out to the local network. The networked disk is connected via a cat 5 Ethernet cable that sits