How to build a secure network from the ground up

A user identified as enghashem posed this question:
I am interested in building a network for 100 users. It needs to be reliable, have an impeccable disaster recovery system and have other security features, including a firewall, antivirus and antispam. I will install this on Windows Server 2003, Exchange and ISA. Are there any resources that will show me how to create this complete network? I need information on router switches, security appliances and backup systems available on the market.

A user identified as DrillO advised:
"First, meet with EVERYONE who will be involved, from the CEO and CFO to department heads. Next, take a long hard look at your company's business plan and build your business case around it. When you are ready to start building the network, examine your budget and then add to it, for you will be building your network around it. There are several key resources you should look for; however, no one source will have everything you need. Do your homework, research, Google your questions, and look at some of the sites you find. Ask questions in forums, such as this one, when you have specific ones. Whatever you do, make sure your infrastructure will be able to handle what you want it to do and build in room for growth now, because getting more money later will be difficult, if not impossible."

A user identified as HumbleNetAdmin advised:
"When you're talking about building a network infrastructure from the ground up, you should incorporate several disciplines, including: Systems Admin, Network Admin, Network Engineer and Security Admin/Engineer. I have worked in the IT field for many years as a Network Admin and have brought these disciplines together in one form or another. However, I did not find the information in a single source, but multiple. Here are some links that I believe will help you:

• http://www.techtutorials.info/index.html
• http://www.techwebpipelines.com/;jsessionid=WSZHO5GENY0P4QSNDBGCKHSCJUMEKJVN
• http://www.networkworld.com/
• http://www.enterprisenetworkingplanet.com/
• http://techrepublic.com.com/5221-10872-0.html?tag=header
• http://www.microsoft.com/technet/prodtechnol/windowsserver2003/default.mspx

The previous post outlined some initial steps that will help make this project happen. Remember, management's support is crucial, because if you don't have their support and the money to back it, the project is unfortunately, doomed."

More Information Learn how to use a defense-in-depth strategy to create an secure computing environment. Secure your network perimeter.

A user identified as mks3rd advised:
"Have you heard of BADNT? It is a top down business model. If you use the acronym properly, you'll receive some great results. From the top down, check the business, the applications, the data, the network and then technology."

A user identified as larrythethird advised:
"DrillO hit it on the nose. Unless every business unit in the company is on board with the infrastructure's design, you'll be rebuilding and wasting time on things that could have been implemented correctly the first time. Plan for the unexpected. Business groups will say, "that's not what I asked for." Look for missing requirements before moving ahead. They'll be waiting to cause undo tension and delays. And, most importantly, remember the credo of networks: KIS (keep it simple)."

A user identified as Paul144hart advised:
"There are too many possibilities. You should consider writing a Request for Proposal and submit it to several contract houses."

A user identified as BinooDas1234 advised:
"Microsoft Solutions Framework Model will definitely help you. Go through the Process Model, Team Model and Risk Management Models. Details and white papers are also available at the Microsoft site."

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Tactics Screencast: Recovering lost data with WinHex How to build security into a virtualized server environment How to install and configure Nessus How to run a Nessus system scan Nessus: Vulnerability scanning in the enterprise Screencast: An introduction to the Open Source Security Testing Methodology Manual (OSSTMM) Understanding multifactor authentication features in IAM suites Network intrusion prevention systems: Should enterprises deploy now? Webmail security: Best practices for data protection Vista WIL: How to take control of data integrity levels Network Firewalls Is it possible to allow select access to IP addresses using Windows Server 2003? Sophos finds patching issues through endpoint NAC tool Fortinet acquires database vulnerability scanner from IPLocks Is an IPsec VPN necessary when connecting remote servers that process financial transactions? Embedding security has drawbacks says TippingPoint chief architect Is security improved when the number of Internet gateways is reduced? Nipper audits routers, reveals insecure settings Product review: Netgear's Netgear FVS336G ProSafe Dual WAN Gigabit Firewall Product review: Tufin's Tufin SecureTrack 4.1 Product review: SonicWALL's SonicWALL NSA E5500 Network Intrusion Detection (IDS) What are best practices for creating an IDS and maintaining a signature database? Network intrusion prevention systems: Should enterprises deploy now? RSA 2008: Sourcefire founder Roesch previews Snort 3 Screencast: Opening up the Network Security Toolkit Can a firewall alone effectively block port-scanning activity? Should an intrusion detection system (IDS) be written using Java? What security risks do enterprise honeypots pose? What are the benefits of 'in-the-cloud' network security services? Screencast: Snort -- Tactics for basic network analysis Can Snort stop application-layer attacks? Network Intrusion Detection (IDS) Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bastion host  (SearchSecurity.com) firewall  (SearchSecurity.com) Firewall Builder  (SearchSecurity.com) personal firewall  (SearchSecurity.com) screened subnet  (SearchSecurity.com) virus  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.