Where in edge network designs should internal proxy servers be placed?


If proxy servers are mandated in your design because of policy requirements, they can most easily be placed in your internal campus network or off a dedicated public server segment if you value treating them as a semitrusted resource. Both options are discussed in Chapter 7.


How should connections from the edge be made back to the campus network?


It depends on the number of connections. In the case of the small network, there is only one connection point, so it is easy to connect it directly to the campus. A high-end network might have an Internet, e-commerce, extranet, and remote access edge. With this many technologies, it can be appropriate to aggregate the connectivity at an edge distribution layer. This is discussed more in Chapter 14, "Campus Security Design."


How do the NIDS systems report data back to the management network?


Most NIDS appliances have two interfaces. One sniffs for attack traffic and has no IP address til the other connects to the management network where all alarms are sent and command and control information is received. These second interface connections are not seen in the diagrams in this chapter but connect back to your management network.


Are there any security issues resulting from having a redundant infrastructure in which each path through the edge is equally preferred by the campus?


The main issues center around the handling of asymmetric traffic when you have stateful security devices such as firewalls or NIDS. Chapter 6 covers this issue in detail.


Based on your understanding of this chapter, which edge design is currently closest to your own network?


Which design most mirrors how you intuitively think your network should be designed?


Looking at the design most similar to the design you envision for your own network, find at least one place where you disagree with the layout or function of the design. How and why would you do it differently?

Part I. Network Security Foundations

Network Security Axioms

Security Policy and Operations Life Cycle

Secure Networking Threats

Network Security Technologies

Part II. Designing Secure Networks

Device Hardening

General Design Considerations

Network Security Platform Options and Best Deployment Practices

Common Application Design Considerations

Identity Design Considerations

IPsec VPN Design Considerations

Supporting-Technology Design Considerations

Designing Your Security System

Part III. Secure Network Designs

Edge Security Design

Campus Security Design

Teleworker Security Design

Part IV. Network Management, Case Studies, and Conclusions

Secure Network Management and Network Security Management

Case Studies



Appendix A. Glossary of Terms

Appendix B. Answers to Applied Knowledge Questions

Appendix C. Sample Security Policies

INFOSEC Acceptable Use Policy

Password Policy

Guidelines on Antivirus Process


Network Security Architectures
Network Security Architectures
ISBN: 158705115X
EAN: 2147483647
Year: 2006
Pages: 249
Authors: Sean Convery

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net