This document provides a general guide to network segmentation using VLANs and setting up a backup system with NAS and cloud services. It covers physical connections, configuration, testing, and visualization of each step.
1. Hardware Preparation
For successful implementation, the following equipment is needed:
- Managed switch: ZyXEL, MERAKI, UNIFI, or MikroTik CRS
- NAS device: Synology DS1524+ or QNAP TS-453D
- Firewall: ZyWALL USG FLEX, MERAKI, UNIFI, MikroTik
2. VLAN Configuration
Create VLANs on the switch and divide the network into three segments:
- VLAN1 (Workstations): IP range 192.168.1.0/24
- VLAN2 (Servers + NAS): IP range 192.168.2.0/24
- VLAN3 (Management): IP range 192.168.3.0/24
Assign switch ports to their respective VLANs and set up a trunk port between the switch and firewall.
3. Firewall Configuration
Configure the firewall according to these rules:
- Allow communication between workstations and servers (e.g., RDP, SMB)
- Block direct access from workstations to NAS
- Allow NAS internet access for cloud backups
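Because the NAS shares VLAN2 with the servers, the block rule for the NAS has to take precedence over the workstation-to-server allow rule. Together, these rules keep workstations away from the backup storage and reduce the impact of a breach.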
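The three rules above can be checked offline before they are entered on the firewall. The following vendor-neutral model is an added example, not configuration from any of the listed products. It assumes first-match rule evaluation with a default deny, a constructed NAS address of 192.168.2.10, and HTTPS (port 443) as the cloud backup transport.

```python
import ipaddress

# Subnets come from the VLAN plan above; the NAS address is a constructed sample.
WORKSTATIONS = ipaddress.ip_network("192.168.1.0/24")
SERVERS = ipaddress.ip_network("192.168.2.0/24")
INTERNAL = ipaddress.ip_network("192.168.0.0/16")
NAS = ipaddress.ip_network("192.168.2.10/32")  # assumed address
ANY = ipaddress.ip_network("0.0.0.0/0")

# (action, source, destination, destination ports; None means any port)
# First match wins. The NAS deny sits above the server allow because the
# NAS is inside the server subnet and would otherwise match that allow.
RULES = [
    ("deny", WORKSTATIONS, NAS, None),
    ("allow", WORKSTATIONS, SERVERS, {445, 3389}),  # SMB, RDP
    ("deny", NAS, INTERNAL, None),  # assumption: "internet" excludes the VLANs
    ("allow", NAS, ANY, {443}),  # assumption: cloud backup uses HTTPS
]
# Same rules with the first two swapped, as a misconfigured comparison.
MISORDERED = [RULES[1], RULES[0]] + RULES[2:]


def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule, 'deny' if none match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, ports in rules:
        if s in src_net and d in dst_net and (ports is None or port in ports):
            return action
    return "deny"  # implicit default deny


def bypassed_denies(rules):
    """Return (allow_index, deny_index) pairs where an earlier allow already
    covers the traffic a later deny was meant to block."""
    hits = []
    for j, (act_j, src_j, dst_j, _) in enumerate(rules):
        if act_j != "deny":
            continue
        for i, (act_i, src_i, dst_i, _) in enumerate(rules[:j]):
            if act_i == "allow" and src_j.subnet_of(src_i) and dst_j.subnet_of(dst_i):
                hits.append((i, j))
    return hits


if __name__ == "__main__":
    for name, rules in (("correct", RULES), ("misordered", MISORDERED)):
        smb_to_nas = evaluate(rules, "192.168.1.25", "192.168.2.10", 445)
        print(name, "workstation->NAS:445 =", smb_to_nas, bypassed_denies(rules))
```

With the rules in the wrong order, SMB from a workstation to the NAS is allowed and `bypassed_denies` reports the pair of rules responsible.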
4. Backup Implementation
Set up the backup system as follows:
- NAS configuration: RAID5 for redundancy, shared folders for backups
- Backup software: Install Veeam or Acronis, set up daily incremental and weekly full backups
- Cloud backups: Connect NAS to Helpio Cloud or Microsoft Azure for offsite backups
5. Testing and Optimization
Perform the following tests:
- Data recovery from both NAS and cloud backups
- Failure simulation and access rule verification
- Network and backup performance monitoring using PRTG or Zabbix
The 3-2-1 Backup Rule
The 3-2-1 rule is a proven approach to data backup that ensures maximum safety:
- 3 copies of data: One original and two backups
- 2 different storage types: For example, NAS device and external drives
- 1 offsite backup: Stored outside the company premises, for example in the cloud or on an external drive stored off-network
This approach minimizes the risk of data loss due to cyber attacks, technical problems, or physical disasters.
Benefits of the Proposed Solution
- Maximum data protection: Protection against ransomware, outages, and physical threats
- Efficient management: Automated backups save time and minimize human errors
- Fast data recovery: Minimized downtime thanks to easy recovery from NAS or cloud
- Scalability: The solution can be expanded as the company grows
- Standards compliance: Helps meet legislative data protection requirements