Choosing a corporate Internet gateway
The corporate Internet gateway is the head of the IT infrastructure, but in case of any problems, it instantly turns into another part of the body ... for the company.
The choice of an Internet gateway depends on a variety of circumstances: allocated budget, qualifications and preferences for hardware and software solutions of the network administrator, size of the network, the need for certificates, etc. Probably, this article is not for those who know the Tao gurus, who with the help of available tools like the third hemp, tambourine and some mother can playfully uninterrupted access to the Internet and traffic control for hundreds of machines. We will talk about things more standard and down to earth: how to choose a corporate Internet gateway and what should be in it?
First of all, it is necessary to decide: choose a hardware solution or software. Most hardware solutions are pre-configured and work on the “set and forget” principle. In conditions of a limited budget and with insufficient qualifications, it is better (away from sin) to use a hardware solution.
')
Customization of settings and the number of opportunities to monitor and control the network with this approach must be sacrificed. Software solutions usually involve constant monitoring of the network , analyzing statistics, setting filtering parameters, choosing the mode of operation, adding users, changing security policies - in general, a reasonable use of the existing functionality. Therefore, if you need to sharpen the product for yourself “from time to time” and have a complete set of tools for managing the network, you need the appropriate software solution and your own corporate server.
The Internet gateway organizes uninterrupted work on the Internet for all employees of the company; therefore, the proxy server on the basis of which it is executed must have sufficient functionality, a user-friendly interface and the ability to flexibly configure the network and access rights: VIP users should have full access to the network and ordinary Cut off VKontakte and favorite forums. It is also important to easily manage the speed of users, set priorities for different types of traffic (for example, increase the priority of IP telephony to ensure high-quality communications and reduce for archives). Do not forget about the support of VPN and NAT. The remote administration feature is extremely useful, so that the lion’s share of network problems can be solved without leaving home.
The built-in proxy server helps to control and save Internet traffic: it allows you to analyze user requests, download sites and their elements and act in strict accordance with established rules. Typically, the following traffic filtering functions are required from the Internet gateway:
Often used proxy cascading systems, the ability to redirect traffic from different users to different higher proxies, and with different methods and types of authorization.
Separately, it is worth mentioning the statistics, which for the Internet gateway is not a “third kind of lie”, but an important source of information about the user's behavior. Thanks to statistics, you can at any time find out which user is blocking the Internet channel, on which resources employees hang and when it is time to block sites and cut the traffic limit.
In addition, the Internet gateway protects the corporate network from external influences. Especially reliable protection is important in the case when, for one reason or another, not only users sit under Windows, but also the server itself (let's not dilute holivar on why under Windows, but practice shows, this happens quite often). In this case, antivirus and firewall are necessary as air. You also need a phishing protection module and, most importantly, the direct hands of someone who sets up all this magnificence.
A separate topic is the availability of security certificates, which, firstly, they guarantee certain security (to whom they are not issued), and secondly, if the FSTEC has a certificate, the Internet gateway will not cause suspicion during “all beloved” bureaucratic checks organizations.
Each time a sysadmin places a new server or service, a problem arises: how to “enter” a new constantly running service or server into an already established network.
How to fine-tune NAT and other network services to work correctly, whether this server will be in AD, whether other network services can be hosted on it, or whether the server should be dedicated. It does not depend on the method of implementation - it is a matter of network planning.
The main problems with using software gateways are as follows. First of all, this is a familiar situation to many: the old admin quit, and the new genius, in the process of work, brought down the correctly working settings and has no idea why nothing works, and what to do now. A hard case - the last admin correctly configured everything through the fryahu, and the Windows amateur admin is useful to deal with the sad consequences for himself and the company. Often, newbies have an incorrect filter setting due to their unwillingness to read the manual and understand what is written there. Or simply the user has installed the program and has no idea what to do with it.
In general, an Internet gateway is a tool that must be selected depending on the tasks to be performed, tastes and competence responsible for the safe and uninterrupted operation of the sysadmin network. The main thing is that the network should work like a clock and fulfill the most important function assigned to it to ensure the organization’s communication with the outside world.
Thank you for your attention and look forward to your comments.
Previous posts:
The choice of an Internet gateway depends on a variety of circumstances: allocated budget, qualifications and preferences for hardware and software solutions of the network administrator, size of the network, the need for certificates, etc. Probably, this article is not for those who know the Tao gurus, who with the help of available tools like the third hemp, tambourine and some mother can playfully uninterrupted access to the Internet and traffic control for hundreds of machines. We will talk about things more standard and down to earth: how to choose a corporate Internet gateway and what should be in it?
Hardware or software solution?
First of all, it is necessary to decide: choose a hardware solution or software. Most hardware solutions are pre-configured and work on the “set and forget” principle. In conditions of a limited budget and with insufficient qualifications, it is better (away from sin) to use a hardware solution.
')
Customization of settings and the number of opportunities to monitor and control the network with this approach must be sacrificed. Software solutions usually involve constant monitoring of the network , analyzing statistics, setting filtering parameters, choosing the mode of operation, adding users, changing security policies - in general, a reasonable use of the existing functionality. Therefore, if you need to sharpen the product for yourself “from time to time” and have a complete set of tools for managing the network, you need the appropriate software solution and your own corporate server.
Necessary functionality of corporate Internet gateway
The Internet gateway organizes uninterrupted work on the Internet for all employees of the company; therefore, the proxy server on the basis of which it is executed must have sufficient functionality, a user-friendly interface and the ability to flexibly configure the network and access rights: VIP users should have full access to the network and ordinary Cut off VKontakte and favorite forums. It is also important to easily manage the speed of users, set priorities for different types of traffic (for example, increase the priority of IP telephony to ensure high-quality communications and reduce for archives). Do not forget about the support of VPN and NAT. The remote administration feature is extremely useful, so that the lion’s share of network problems can be solved without leaving home.
The built-in proxy server helps to control and save Internet traffic: it allows you to analyze user requests, download sites and their elements and act in strict accordance with established rules. Typically, the following traffic filtering functions are required from the Internet gateway:
- presence of content filtering,
- HTTPS filtering capability
- assigning filters depending on the time
- to certain user groups,
- availability of ready-made templates for the rules.
Often used proxy cascading systems, the ability to redirect traffic from different users to different higher proxies, and with different methods and types of authorization.
Separately, it is worth mentioning the statistics, which for the Internet gateway is not a “third kind of lie”, but an important source of information about the user's behavior. Thanks to statistics, you can at any time find out which user is blocking the Internet channel, on which resources employees hang and when it is time to block sites and cut the traffic limit.
In addition, the Internet gateway protects the corporate network from external influences. Especially reliable protection is important in the case when, for one reason or another, not only users sit under Windows, but also the server itself (let's not dilute holivar on why under Windows, but practice shows, this happens quite often). In this case, antivirus and firewall are necessary as air. You also need a phishing protection module and, most importantly, the direct hands of someone who sets up all this magnificence.
A separate topic is the availability of security certificates, which, firstly, they guarantee certain security (to whom they are not issued), and secondly, if the FSTEC has a certificate, the Internet gateway will not cause suspicion during “all beloved” bureaucratic checks organizations.
The main problems of system administrators with an Internet gateway
Each time a sysadmin places a new server or service, a problem arises: how to “enter” a new constantly running service or server into an already established network.
How to fine-tune NAT and other network services to work correctly, whether this server will be in AD, whether other network services can be hosted on it, or whether the server should be dedicated. It does not depend on the method of implementation - it is a matter of network planning.
The main problems with using software gateways are as follows. First of all, this is a familiar situation to many: the old admin quit, and the new genius, in the process of work, brought down the correctly working settings and has no idea why nothing works, and what to do now. A hard case - the last admin correctly configured everything through the fryahu, and the Windows amateur admin is useful to deal with the sad consequences for himself and the company. Often, newbies have an incorrect filter setting due to their unwillingness to read the manual and understand what is written there. Or simply the user has installed the program and has no idea what to do with it.
In general, an Internet gateway is a tool that must be selected depending on the tasks to be performed, tastes and competence responsible for the safe and uninterrupted operation of the sysadmin network. The main thing is that the network should work like a clock and fulfill the most important function assigned to it to ensure the organization’s communication with the outside world.
Thank you for your attention and look forward to your comments.
Previous posts:
Source: https://habr.com/ru/post/257829/
All Articles