I’m working on a secure design installation for SME. I wonder if anyone has already started on this, just so I don’t have to invent the wheel twice.
Scenario: I want to keep security very high, and therefore an “All in one” Nethserver installation is not secure enough for SME installations. I presume that some modules can co-exist on a server installation and some should be separated, especially if you have DMZ servers and internal servers that need to communicate with each other and have the same role but are separated for external/internal use.
This solution idea should reflect these possible scenarios:
- Complete solution design should be hosted virtually. I prefer Proxmox, but Nethserver could be used if it’s mature enough
- Secure mobile mail sync (SOGo, VPN)
- Design solution should reflect a FW/GW with UTM Nethsecurity installation
- All network scenarios should be used: DMZ, Internet, LAN and Guest.
- DMZ (Orange) should host front end gw systems for Mail access, Webhosting, Owncloud gw etc.
- Guest (Blue) wifi for internet access.
- OpenVPN roadwarrior design
- VLAN design for voice/video/data
- UC&C Nethserver secure & encrypted setup for all the different modules
- IPPBX Nethvoice secure & encrypted Asterisk installation switchboard setup with queue.
- ICT Nethmonitoring secure & encrypted monitoring setup.
This is only a draft and I haven’t seen the software yet for SME, but I would like to plan for a design that takes security seriously. I don’t know if Nethserver is up for the task, but I would like to try and hear what the community thinks about this. Any suggestions are welcome.