Securing a Network?

[JustXtreme]

I'm not sure where i should post this, i'm looking for a Forum that can help.
Thank You in advance for you understanding.

Ok, we have a SQL server, Mail server, Web server, and other file servers. we have two 24 port switches one that we can setup vlans on. what i see us doing is creating a vlan for each server and external IPs coming in for each one. so each server is kinda on it's on network, my question is how would u set up your network on sortof hardware point of view. our final goal is to have a secure web server that we can write asp pages to pull from our SQL server and not put our data at risk.
i've never written pages that pull from our live data out side of the office because we have never used our web server for anything besides internal uses.
i hope this makes some sort of sense.

[-TPM-]

I'd say VLAN's for each server is probably an over kill. If your that worried about your servers why not just install them as single servers (ie not trusting each other) that way it'd be hard for anyone/thing to access them, but if you needed too you could as you'd know the passwords.

P.S. this should probably be moved to General PC, one of the MOD's can move it for you.

[MagellanTX]

TPM is right, you don't want to take the individual VLAN approach. Also, even though your switch supports VLANS you still need a router to route the traffic between the different subnets. (something that supports trunking)

You have a few servers there so I assume this is a business and as such your best way to secure the traffic is with a hardware firewall such as a PIX. That way you can put the servers behind it and explicitly grant access to the individual ports that you want everyone else to see.

[Rattlerr]

yeah the best way is like MagellanTX Mentioned ..I would recommend 1st putting 2 different types of Hardware between the internet and the servers..

1: a Hardware Anti Virus System
2: a Nice Cisco Router with Switching capablities

Break off your Email Server,WebServer off the 1st Router/Switch ,Then put either a Switch or bridge In line hook up your Email and Webserver to that...

Run an Additional Patch Cable from the First Router to another Switch or Router put the SQL server behind that one...

This method of Networking is how most large companies start out slowly getting into a SubNet across their network..An Array of Routers,Switches,Bridges and Gateways....You dont want too put all your Egg's into one basket so to speak,Thats why we setup Individual Server Farms behind additional Hardware Firewalls,Anti Virus Systems etc..

Just a Suggestion but that is one of the more secure ways of doing it without installing a Software Firewall and using up Additional Resources on a System...