Network Security Architecture

There are many possible places for an enterprise to place the IDS. Three of the most common and effective include the following:

  • Network perimeter: The boundary that separates everything internal to the network from everything external to it. The perimeter equipment includes:

    - Firewalls: Connect the internal network to the external network. Firewalls can also be nested, creating firewalls within firewalls that block off particular resources from other areas of the network; for example, blocking certain human resources services from general employees.

    - Access servers and modems: Provide the users' entry point into the network.

    - Network service provider links: The points where the organization's own wiring meets commercial services; for example, a direct connection to the Internet.

    Figure 15-4 illustrates the network perimeter.

    Figure 15-4. Network Perimeter


    In this scenario, a network-based IDS should be placed at every entry point on the network perimeter; in this case, at the access server and at the firewall.

  • Server farms: The segments of the network that host the servers; no client workstations exist in the server farm environment.

    Figure 15-5 illustrates a server farm layout.

    Figure 15-5. Server Farm


    The server farm is a network concentration of servers providing resources to users, such as World Wide Web hosting, FTP servers, organization file servers, e-commerce servers, etc.

    In this scenario, a network-based IDS should be placed at the entry point for both dedicated and dial-in users, as well as at the entry point to the server farm. Further protection is afforded by placing a host-based IDS on each server in the server farm.

  • Network backbone: The network backbone provides access to the various network areas. It can be low- or high-bandwidth, depending on the implementation. Avoiding backbone links may eliminate some network delay. Intruders will be looking for important systems on this type of network. Anomalous traffic such as port scanning and IP spoofing attempts should raise a flag for the administrator to investigate.

    Figure 15-6 illustrates regional network connections, with all traffic crossing a backbone as the traffic is forwarded from one region to the next.

    Figure 15-6. Network Backbone


    In this scenario, a network-based IDS should be placed at the entry point for each regional network in the network backbone.
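The three placements above all reduce to one principle: put a network-based IDS on the trusted side of every link that crosses a trust boundary, and put a host-based IDS on each machine in the server farm. The following Python model is an added example, not code from the handbook; it encodes that rule over a constructed topology whose segment, device and zone names and trust ranking are assumptions chosen to mirror Figures 15-4 through 15-6.

```python
"""Derive IDS sensor placement from a zone-based topology model.

Added example, not code from the handbook. Segment names, zone names,
device names and trust levels below are constructed to mirror the three
scenarios in the text: network perimeter, server farm and backbone.
"""
from dataclasses import dataclass, field

# Constructed trust ranking. A link that joins zones of different rank is a
# trust boundary; the network-based IDS goes on the more-trusted side, which
# is that segment's entry point.
TRUST = {
    "external": 0,     # the Internet, dial-in cloud, provider links
    "backbone": 1,     # shared transit between regions
    "regional": 2,     # a regional network hanging off the backbone
    "internal": 2,     # the main internal LAN
    "server_farm": 3,  # servers only, no client workstations
}


@dataclass
class Segment:
    name: str
    zone: str
    hosts: list = field(default_factory=list)


@dataclass
class Link:
    device: str  # firewall, access server or router joining a and b
    a: str
    b: str


def plan_sensors(segments, links):
    """Return {'nids': [(device, segment), ...], 'hids': [host, ...]}.

    NIDS: one per trust boundary, at the entry point of the more-trusted
    segment (perimeter firewalls and access servers, the server farm
    ingress, each regional network's uplink to the backbone).
    HIDS: every host that lives in a server_farm segment.
    """
    by_name = {s.name: s for s in segments}
    for s in segments:
        if s.zone not in TRUST:
            raise ValueError(f"unknown zone {s.zone!r} on segment {s.name}")

    nids = []
    for link in links:
        ta = TRUST[by_name[link.a].zone]
        tb = TRUST[by_name[link.b].zone]
        if ta == tb:
            continue  # same trust level on both ends: no boundary to watch
        inner = link.b if tb > ta else link.a
        nids.append((link.device, inner))

    hids = [h for s in segments if s.zone == "server_farm" for h in s.hosts]
    return {"nids": sorted(nids), "hids": sorted(hids)}


# Constructed topology: one HQ LAN with a DMZ-style server farm, plus two
# regional networks reached across a backbone.
SEGMENTS = [
    Segment("internet", "external"),
    Segment("hq_lan", "internal", ["ws-01", "ws-02"]),
    Segment("dmz_farm", "server_farm", ["www-01", "ftp-01", "file-01"]),
    Segment("backbone", "backbone"),
    Segment("region_east", "regional", ["ws-e1"]),
    Segment("region_west", "regional", ["ws-w1"]),
]
LINKS = [
    Link("fw-1", "internet", "hq_lan"),      # dedicated Internet link
    Link("as-1", "internet", "hq_lan"),      # access server for dial-in users
    Link("fw-2", "hq_lan", "dmz_farm"),      # server farm ingress
    Link("rtr-hq", "hq_lan", "backbone"),    # HQ uplink to the backbone
    Link("rtr-east", "backbone", "region_east"),
    Link("rtr-west", "backbone", "region_west"),
]

if __name__ == "__main__":
    plan = plan_sensors(SEGMENTS, LINKS)
    for device, segment in plan["nids"]:
        print(f"NIDS behind {device:9s} watching entry to {segment}")
    for host in plan["hids"]:
        print(f"HIDS on {host}")
```

Running it yields six network sensor positions (two perimeter entry points, the server farm ingress, the HQ uplink and the two regional uplinks) and three host sensors; no sensor is ever placed on the external segment itself, which matches the text's emphasis on entry points.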
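The backbone scenario says the sensor should flag port scanning and IP spoofing attempts. As an added example, not code from the handbook, the following Python sketch runs two such checks over constructed flow records: a packet arriving on the outside interface with an internal source address is reported as spoofed, and a source that touches many distinct ports on one host within a short window is reported as a scan. The interface names, address ranges, window and threshold are assumptions.

```python
"""Flag port-scan and IP-spoofing indicators in flow records.

Added example, not code from the handbook. FLOWS is a constructed sample
of (timestamp_seconds, interface, src_ip, dst_ip, dst_port) records as a
perimeter sensor might log them; INTERNAL_NETS is an assumed address plan.
"""
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal space


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def spoofing_alerts(flows, external_iface="outside"):
    """A packet that arrives on the external interface yet claims an internal
    source address cannot be genuine; report each one."""
    return [
        {"type": "ip_spoof", "ts": ts, "src": src, "dst": dst}
        for ts, iface, src, dst, _port in flows
        if iface == external_iface and is_internal(src)
    ]


def port_scan_alerts(flows, window=60, threshold=10):
    """Report a (src, dst) pair once it reaches more than `threshold` distinct
    destination ports within any `window` seconds. Sliding window, so a slow
    scan with few ports per window is deliberately not reported."""
    events = defaultdict(list)  # (src, dst) -> [(ts, port), ...] in time order
    for ts, _iface, src, dst, port in sorted(flows, key=lambda f: f[0]):
        events[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), evs in events.items():
        left = 0
        in_window = defaultdict(int)  # port -> hits inside the current window
        for ts, port in evs:
            in_window[port] += 1
            while evs[left][0] < ts - window:  # drop events older than window
                old_port = evs[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            if len(in_window) > threshold:
                alerts.append({"type": "port_scan", "ts": ts, "src": src,
                               "dst": dst, "ports": len(in_window)})
                break  # one alert per pair is enough for the operator
    return alerts


# Constructed sample traffic.
FLOWS = (
    # Legitimate web client: same port, repeated.
    [(t, "outside", "203.0.113.9", "10.0.1.5", 80) for t in (5, 9, 30)]
    # Fast scanner: 15 ports on one host within 15 seconds.
    + [(t, "outside", "198.51.100.7", "10.0.1.5", 1 + t) for t in range(15)]
    # Slow scanner: 12 ports, 100 seconds apart (never enough in one window).
    + [(1000 + 100 * i, "outside", "192.0.2.3", "10.0.1.6", 20 + i) for i in range(12)]
    # Spoofed packet: internal source address seen on the outside interface.
    + [(42, "outside", "10.0.0.99", "10.0.1.5", 53)]
    # Normal internal traffic on the inside interface.
    + [(43, "inside", "10.0.0.99", "10.0.1.5", 53)]
)

if __name__ == "__main__":
    for alert in spoofing_alerts(FLOWS) + port_scan_alerts(FLOWS):
        print(alert)
```

With the defaults the fast scanner is reported after its eleventh port and the spoofed packet is reported once; the slow scanner is missed, which illustrates why the window and threshold have to be tuned to the traffic the sensor actually sees on a backbone link (a wider window catches it at the cost of more false positives).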

Network Sales and Services Handbook (Cisco Press Networking Technology)
ISBN: 1587050900
Year: 2005
Pages: 269
