Chapter 18. Sample Designs


Let's put together all the security design information presented in Part III, "Designing a Secure Network Perimeter." Each chapter has presented a substantial amount of material you must incorporate into your designs to ensure they reflect the needs of your organization. As we have discussed, designing a secure network perimeter requires you to achieve a balance between conflicting factors, such as security, performance, and usability. For example, deciding to use 3DES encryption on a VPN implemented using low-end routers might provide the best protection for the connection, but the processing overhead of the encryption might degrade performance unacceptably. In other instances, it might be difficult to determine when to follow a particular piece of design advice. To help integrate all this material, this chapter provides case studies to illustrate how network designs vary depending on the unique needs of the organization. The case studies were chosen to highlight several distinct design situations:

  • A telecommuter who is using a broadband connection to access the corporate network via the Internet

  • A business that has only a basic Internet presence

  • A small e-commerce site that has a corporate network as well as several systems accessible from the Internet

As an example of a more complex architecture, we also discuss a multizone design that was presented by a candidate for a GIAC Certified Firewall Analyst (GCFW) certification. This design was submitted as part of a GCFW practical assignment that received honors status. We begin with a review of core design criteria for a network security perimeter.



    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    EAN: 2147483647
    Year: 2005
    Pages: 230
