Campus Security Design

This chapter covers the following topics:

  • What Is the Campus?
  • Campus Trust Model
  • Expected Threats
  • Threat Mitigation
  • Identity Considerations
  • Network Design Considerations
  • Small Network Campus Security Design
  • Medium Network Campus Security Design
  • High-End Resilient Campus Security Design

Thrust ivrybody, but cut th' ca-ards.

Finley Peter Dunne (Mr. Dooley), Mr. Dooley's Opinions, 1901

Evil will always triumph over good because good is dumb.

Mel Brooks, Dark Helmet in Spaceballs, 1987

In Chapter 13, "Edge Security Design," you learned about design considerations for edge networks. This included several sample designs for different-size networks. This chapter takes the same approach but for campus networks. The chapter starts with a discussion on the likely threats and mitigation techniques. It then presents general design considerations for all campus networks, and finally it applies all the relevant information in this book to several sample campus networks. By this point in the book, all of the core concepts have been covered regarding security system design. All that is needed is to apply that information to the unique problem of campus security. Network management is the only topic left to discuss and is covered in Chapter 16, "Secure Network Management and Network Security Management."


In the past, I've likened campus networks, as others in the security industry have, to the soft, chewy center of a candy with a crunchy exterior. That crunchy exterior is, of course, the edge design, where most people spend their time with security. Although it would be inaccurate to try and achieve the same security throughout the entire network (edge and campus), internal campus security has almost always been very neglected in the customer designs I've evaluated.

Part I. Network Security Foundations

Network Security Axioms

Security Policy and Operations Life Cycle

Secure Networking Threats

Network Security Technologies

Part II. Designing Secure Networks

Device Hardening

General Design Considerations

Network Security Platform Options and Best Deployment Practices

Common Application Design Considerations

Identity Design Considerations

IPsec VPN Design Considerations

Supporting-Technology Design Considerations

Designing Your Security System

Part III. Secure Network Designs

Edge Security Design

Campus Security Design

Teleworker Security Design

Part IV. Network Management, Case Studies, and Conclusions

Secure Network Management and Network Security Management

Case Studies



Appendix A. Glossary of Terms

Appendix B. Answers to Applied Knowledge Questions

Appendix C. Sample Security Policies

INFOSEC Acceptable Use Policy

Password Policy

Guidelines on Antivirus Process


Network Security Architectures
Network Security Architectures
ISBN: 158705115X
EAN: 2147483647
Year: 2006
Pages: 249
Authors: Sean Convery © 2008-2020.
If you may any questions please contact us: