In this project, I spearheaded the successful setup of a new site consisting of 200 posts, ensuring adherence to ISO 27001 standards. The project encompassed the implementation of various components and technologies to establish a secure and efficient network infrastructure.
The infrastructure design began with the deployment of two OPNsense firewalls in high availability mode. These firewalls were equipped with two internet lines: a primary connection and a backup connection, ensuring continuous connectivity and business continuity. This setup provided robust security measures and protected the network from external threats.
To facilitate secure communication within the network, a WireGuard VPN was integrated into the existing WireGuard network, following a star topology. This configuration enabled seamless and encrypted communication between the new site and other network segments.
The local network was structured using two top-of-the-rack MikroTik switches interconnected via SFP+ interfaces, ensuring high-speed and redundant connections. All other switches were connected to these core switches, forming a reliable network architecture. Network segregation and enhanced security were achieved through the allocation of dedicated VLANs for each department.
For wireless connectivity, UniFi access points were strategically deployed, offering reliable and centrally managed WiFi access throughout the new site. These access points were efficiently managed through the UniFi system, enabling seamless configuration and monitoring.
To ensure secure access control, access devices such as fingerprint readers were integrated and managed through the ZKTeco system. This system facilitated streamlined access management and enhanced security protocols.
To enable efficient virtualization, a Proxmox VE server was provisioned, providing a scalable and manageable virtualization platform. Virtual machines were deployed on this server, offering flexibility and efficient resource allocation.
As part of the server setup, Windows Server 2022 was configured as a domain controller. This involved the creation of Organizational Units (OUs) and the implementation of Group Policy Objects (GPOs) to enforce ISO standards and enhance security measures within the network.
To enhance network security, a Pi-hole DNS filtering system was implemented. This system effectively blocked malicious domains and advertisements, contributing to a safer browsing experience for users.
Comprehensive monitoring was achieved using Checkmk, which provided proactive detection of potential issues and ensured the overall health and performance of the network.
For efficient software deployment and script execution, the FOG system was implemented. This system streamlined the process of deploying operating systems and software across PCs, simplifying the overall implementation tasks.
This project showcased my expertise in designing and implementing a secure network infrastructure while adhering to ISO 27001 standards. By successfully incorporating various technologies such as OPNsense firewalls, WireGuard VPN, MikroTik switches, UniFi access points, Proxmox VE server, and implementing systems like Pi-hole, Checkmk, and FOG, I ensured a robust, compliant, and high-performing IT environment for the new site.