Chapter 5: Designing Secure Networks

Overview

Network security is a huge subject, which incorporates all seven layers of the OSI model; many of the issues network security raises are sufficiently subtle to require skilled engineers and consultants to understand and tackle them. This chapter focuses on security issues and design solutions with IP-based networks. After discussing the security considerations and planning aspects, we then describe the VPN solutions available in the market today, which is one of the hottest topics in the service provider market. Network security is such a broad topic that this material is necessarily restricted to typical security design issues you are likely to encounter, for which appropriate suitable references are provided. The chapter builds on this framework and deals with the use of security in designing virtual private networks. The following topics are discussed:

• What the key issues are

• What the security threats and vulnerabilities are

• What technologies are available to combat these issues

• How to define a security policy and implement it

• How to design a secure network infrastructure with components available today

• How to avoid single points of failure and bottlenecks with security devices

• Design of secure IP VPNs

Providing security on any network can often have a profound influence on the network topology, design, traffic dynamics, and even the network addressing policy. Security is essentially a game of risk management; you must decide how much time, effort, and money are required to provide an acceptable degree of confidence in the resources you wish to protect. This chapter attempts to cover the salient points of network security, but clearly we have limited space to address this huge topic. For further information, the interested reader is urged to read [1, 23].