advices and suggestion on creating an company network

[nirr]

hi ,
i am (would like) about to create a robust company network with security in mind
from all kinds of attacks ,
in network if pcs got infected so protect the network from it or to it,
from red team or malicious person that will connect directly to the network port
have a super high security file share type system
and so on...

i have seen , zenarmor and suricata with proofpoint emergingthreats rule set  for IDS and IPS

trying to find a good XDR  (i've seen Wazuh agent idk how it compares against sentinel one , cybereason , palo alto) , suggestion and thoughts are welcome .

trying to find how to properly protect a shared type system (idk which one yet , SMB seems obivous but im not sure its the best thing for a non domain environment)

trying to find out how to protect physical ports for malicious actors , for example to shutdown a port. (like portnox)


trying to find a way (not sure if that exists) to give access to the network and or "receive networking service" to authenticated computers on the network , like for the pc to send a special crafted packet or something else .

for example it is needed when an attacker can mimic a mac address to enter the network , however ! if he does not have that special crafted packet or something like that , the network will ignore it

anyhow , help , suggestion  are all welcomed !

thank you

[nirr]

any ideas for a good protected sharing file system ?

on prem not on the cloud ?

[Patrick M. Hausen]

Hire a professional or a company specialised in infrastructure.

[nirr]

Hire a professional or a company specialised in infrastructure.

hi , its me :)

[FLguy]

Hello nirr. 

Do you have an opnsense question for this opnsense forum?  Your whole post is intended for something like Reddit or Discord. Folks are here to support the opnsense community on Opnsense-related topics.

[bimbar]

Hire a professional or a company specialised in infrastructure.

Please do that.