Chapter 12. Fundamentals of Secure Perimeter Design


If you are not currently the lead designer for your organization, we suspect that becoming one is one of your goals. You might be laying out a network from scratch, assessing the strength of an existing infrastructure, determining where to place a new security device, or deciding whether to deploy one at all. You know of many defense components you could incorporate into your security infrastructure, and you know of countless ways of arranging them. This chapter concentrates on the do's and don'ts of security perimeter design and covers some of the more common scenarios.

Before jumping into a design session, you need to have the right tools for making design-related decisions. In the world of network security architecture, these tools are bits of information about your environment and your business goals. You need to figure out the following:

  • What resources need to be protected

  • Who you are protecting against

  • What your business needs and constraints are

In this chapter, we review the factors you need to consider when designing the network's perimeter. We analyze several building blocks that are useful for crafting more complex architectures. These scenarios will incorporate firewalls, routers, and VPN devices in various permutations.

Deciding on a particular defense architecture is a rewarding and complicated task that requires making tough choices in a world where functionality and security are often at odds with each other. It is understandable to want to delay making such decisions as long as possible. After all, it is easier to avoid confrontation than to fight an uphill battle for budget and resources. Making security design decisions involves resolving conflicts that touch many aspects of the network and application infrastructure, such as usability, reliability, manageability, and cost. The principles presented in this chapter are meant to help you make the hard decisions early in the process of setting up a security perimeter; that way, you can save sleep, time, and money in the implementation and maintenance phases of your deployment.

Tip

The later you make a decision that modifies your design, the harder it is to properly implement the change. You should put extraordinary effort into the design phases of your engagement to minimize the chance of making significant changes later in the process.




    Inside Network Perimeter Security
    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    Year: 2005
    Pages: 230
