Campus Security Design

This chapter covers the following topics:

• What Is the Campus?
• Campus Trust Model
• Expected Threats
• Threat Mitigation
• Identity Considerations
• Network Design Considerations
• Small Network Campus Security Design
• Medium Network Campus Security Design
• High-End Resilient Campus Security Design

Thrust ivrybody, but cut th' ca-ards.

Finley Peter Dunne (Mr. Dooley), Mr. Dooley's Opinions, 1901

Evil will always triumph over good because good is dumb.

Mel Brooks, Dark Helmet in Spaceballs, 1987

In Chapter 13, "Edge Security Design," you learned about design considerations for edge networks. This included several sample designs for different-size networks. This chapter takes the same approach but for campus networks. The chapter starts with a discussion on the likely threats and mitigation techniques. It then presents general design considerations for all campus networks, and finally it applies all the relevant information in this book to several sample campus networks. By this point in the book, all of the core concepts have been covered regarding security system design. All that is needed is to apply that information to the unique problem of campus security. Network management is the only topic left to discuss and is covered in Chapter 16, "Secure Network Management and Network Security Management."

NOTE

In the past, I've likened campus networks, as others in the security industry have, to the soft, chewy center of a candy with a crunchy exterior. That crunchy exterior is, of course, the edge design, where most people spend their time with security. Although it would be inaccurate to try and achieve the same security throughout the entire network (edge and campus), internal campus security has almost always been very neglected in the customer designs I've evaluated.