Security Basics mailing list archives
RE: Designing Network Security
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 5 Jan 2006 16:18:25 -0800
My preference is to start with broad categories of services and clients. Does this client need Internet access? Does this service need to be accessed from the Internet? Don't forget to include guests as a class of client. Put each class of host (there are probably half a dozen) on its own VLAN. For each VLAN, determine what sort of gateway best provides the necessary degree of security. Proxy? Stateful packet filter? VPN endpoint? If you decide to mix multiple security gateways, you may find it helpful to create and internal VLAN that only has the various gateways on it. Provision VLANs to physical locations as necessary. You may want to use something like 802.1x to dynamically assign clients to the VLAN appropriate for their credentials. David Gillett
-----Original Message----- From: Kaushik [mailto:kaushik () gamebox net] Sent: Thursday, January 05, 2006 4:53 AM To: security-basics () securityfocus com Subject: Designing Network Security Hello List, How does one go about designing Network Security. We need to redesign the network and the focus will be on protecting the network from external attacks as well as from malicious internal users. Working on the policies. Have to concentrate on protecting the IP also since we are a R&D center. Can some direct me to good online resources in the vast sea available. Warm Regards Kaushik -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------------------------------------------------------- ------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- Designing Network Security Kaushik (Jan 05)
- RE: Designing Network Security David Gillett (Jan 06)
- <Possible follow-ups>
- RE: Designing Network Security Ray Sawyer (Jan 06)
- Re: RE: Designing Network Security kaushik (Jan 09)
- RE: Designing Network Security Thomas F. Szabo (Jan 09)
- RE: Designing Network Security BĂ©noni MARTIN (Jan 11)