General Design Considerations

This chapter covers the following topics:

  • Physical Security Issues
  • Layer 2 Security Considerations
  • IP Addressing Design Considerations
  • ICMP Design Considerations
  • Routing Considerations
  • Transport Protocol Design Considerations
  • DoS Design Considerations

Many things difficult to design prove easy to performance.

Samuel Johnson, Rasselas: The History of Rasselas, Prince of Abissinia, 1759

A good scientist is a person with original ideas. A good engineer is a person who makes a design that works with as few original ideas as possible. There are no prima donnas in engineering

Freeman Dyson, Physicist, Disturbing the Universe, 1979

At the beginning of any secure network design project, many best practices apply more or less uniformly to all areas of the design. This chapter presents these practices in a single location and then draws on them throughout the rest of the book. The designs presented in Chapter 13, "Edge Security Design," Chapter 14, "Campus Security Design," and Chapter 15, "Teleworker Security Design," are based on many of the concepts described here and in the companion chapters (Chapters 7-11), which detail specific design considerations for certain technologies. The topics are presented in loose compliance with the seven-layer OSI model and, as such, cover a diverse set of topics. Chapter 1, "Network Security Axioms," presented the security axioms; this chapter translates them into actionable guidance for secure network design.

Part I. Network Security Foundations

Network Security Axioms

Security Policy and Operations Life Cycle

Secure Networking Threats

Network Security Technologies

Part II. Designing Secure Networks

Device Hardening

General Design Considerations

Network Security Platform Options and Best Deployment Practices

Common Application Design Considerations

Identity Design Considerations

IPsec VPN Design Considerations

Supporting-Technology Design Considerations

Designing Your Security System

Part III. Secure Network Designs

Edge Security Design

Campus Security Design

Teleworker Security Design

Part IV. Network Management, Case Studies, and Conclusions

Secure Network Management and Network Security Management

Case Studies



Appendix A. Glossary of Terms

Appendix B. Answers to Applied Knowledge Questions

Appendix C. Sample Security Policies

INFOSEC Acceptable Use Policy

Password Policy

Guidelines on Antivirus Process


Network Security Architectures
Network Security Architectures
ISBN: 158705115X
EAN: 2147483647
Year: 2006
Pages: 249
Authors: Sean Convery © 2008-2020.
If you may any questions please contact us: