Chapter 3: Designing Network Infrastructure Security

Overview

Your network infrastructure is vulnerable to attack at many levels, including the firmware or the physical device itself. You must consider and design for securing the data that resides on a physical device—for example, configuration settings and the data on Ethernet and IP packets that pass through switches and routers on the network. You also need to consider and design for physically securing the network devices, because no matter how strong your security, it can probably be broken by someone who has physical access to it.

Physically securing your own devices is one thing, but on a public network like the Internet, you are not always in control of the devices that your data may pass over. Even internally, you might want to prevent sensitive types of data from being “accidentally” seen as it travels on the network. You need to come up with a security strategy that successfully mitigates the risks to your data moving across networks.

In this chapter, we will explore the vulnerabilities to data transmitted over a network and what protocols are available for mitigating these vulnerabilities. We will then look at designing secure remote access to your network using a virtual private network (VPN) and securely extending your network to external organizations. Finally, we will look at security problems with wireless networks and how you can overcome them.