|
You
may think that it is enough to have a firewall
to accomplish protection in a secure network.
This is to some extent true: It is not possible
for anyone outside the network to connect
to any device within the network except
to those servers that provide functionality
to the customers (e.g. DNS, Mail, and News).
Access to routers and similar equipment
is strongly restricted. All accesses to
network equipment are logged
with user account and timestamp.
However,
the network is open to Internet and it is
up to each customer to protect himself from
illegal access.
Static
routing is used for connected networks.
This prevents customers from injecting illegal
routing info in the network. However, in
certain cases it is necessary to accept
routing info from customers. In such case
Almco IT & Telecom require BGP4
routing protocol filtered by autonomous
system, AS. BGP routing info can be distributed
through the network and its transit routers
with internal BGP. Routing info in our routers
is kept to a minimum and increased only
on customer’s demand:
- Customers
without a registered AS are always connected
with static routing and use of “default
network” to reach the Internet.
No routing information is to be transferred
over such connections.
- Customer
with a registered AS but without other
Internet connections may be connected
in the same way as ”non AS”
customer.
However,
to avoid huge administration with static
routes, those can be replaced by accepting
routing info from network originated in
customer’s AS via routing protocol
BGP4.
Almco
IT & Telecom can also provide additional
protection by designing private satellite
networks for the customers. Optionally these
networks can be protected by setup of VPN.
|
