General Design Considerations

This chapter covers the following topics:

• Physical Security Issues
• Layer 2 Security Considerations
• IP Addressing Design Considerations
• ICMP Design Considerations
• Routing Considerations
• Transport Protocol Design Considerations
• DoS Design Considerations

Many things difficult to design prove easy to performance.

Samuel Johnson, Rasselas: The History of Rasselas, Prince of Abissinia, 1759

A good scientist is a person with original ideas. A good engineer is a person who makes a design that works with as few original ideas as possible. There are no prima donnas in engineering

Freeman Dyson, Physicist, Disturbing the Universe, 1979

At the beginning of any secure network design project, many best practices apply more or less uniformly to all areas of the design. This chapter presents these practices in a single location and then draws on them throughout the rest of the book. The designs presented in Chapter 13, "Edge Security Design," Chapter 14, "Campus Security Design," and Chapter 15, "Teleworker Security Design," are based on many of the concepts described here and in the companion chapters (Chapters 7-11), which detail specific design considerations for certain technologies. The topics are presented in loose compliance with the seven-layer OSI model and, as such, cover a diverse set of topics. Chapter 1, "Network Security Axioms," presented the security axioms; this chapter translates them into actionable guidance for secure network design.