Organizational Realities

When faced with the daunting task of network and security management, organizations generally do one of two things, neither of which is ideal for the type of security system advocated in this book. First, they might try to integrate security into their existing network management framework and tools without a lot of thought for the security elements individually. This generally results in security information being mixed in with general networking events, which makes both network security and general network management more difficult.

The other option many organizations adopt is to relegate security management to dedicated security devices such as firewalls or IDS appliances and to have that management occur on separate systems from general network management. This is often born out of organizational realities with the security operations (SECOPS) team separate from network operations (NETOPS).

To manage the type of secure network discussed thus far in the book, you need to incorporate elements of both approaches. Because security functions exist on general network devices as often as they exist on specific security devices, a proper security management system must incorporate a diverse set of inputs from hosts, routers, firewalls, switches, and so on. In this way, it mimics the first approach just mentioned. That said, it must support different prioritization for the data from these systems, mimicking the latter approach. For example, the security events generated by a Layer 2 (L2) switch inside the campus network are not generally as critical as those coming from the corporate firewall, but there are times when the reverse is true. If L2 attacks are launched within your campus, switch management capabilities (and IDS, if available) are often your only means to determine what is going on.

Part I. Network Security Foundations

Network Security Axioms

Security Policy and Operations Life Cycle

Secure Networking Threats

Network Security Technologies

Part II. Designing Secure Networks

Device Hardening

General Design Considerations

Network Security Platform Options and Best Deployment Practices

Common Application Design Considerations

Identity Design Considerations

IPsec VPN Design Considerations

Supporting-Technology Design Considerations

Designing Your Security System

Part III. Secure Network Designs

Edge Security Design

Campus Security Design

Teleworker Security Design

Part IV. Network Management, Case Studies, and Conclusions

Secure Network Management and Network Security Management

Case Studies



Appendix A. Glossary of Terms

Appendix B. Answers to Applied Knowledge Questions

Appendix C. Sample Security Policies

INFOSEC Acceptable Use Policy

Password Policy

Guidelines on Antivirus Process


Network Security Architectures
Network Security Architectures
ISBN: 158705115X
EAN: 2147483647
Year: 2006
Pages: 249
Authors: Sean Convery © 2008-2020.
If you may any questions please contact us: