Security Basics mailing list archives

RE: Designing Network Security

From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 5 Jan 2006 16:18:25 -0800

  My preference is to start with broad categories of services
and clients.  Does this client need Internet access?  Does 
this service need to be accessed from the Internet?  Don't forget
to include guests as a class of client.
  Put each class of host (there are probably half a dozen) on its 
own VLAN.  For each VLAN, determine what sort of gateway best 
provides the necessary degree of security.  Proxy?  Stateful
packet filter?  VPN endpoint?
  If you decide to mix multiple security gateways, you may find
it helpful to create and internal VLAN that only has the various 
gateways on it.

  Provision VLANs to physical locations as necessary.  You may want
to use something like 802.1x to dynamically assign clients to
the VLAN appropriate for their credentials.

David Gillett

-----Original Message-----
From: Kaushik [mailto:kaushik () gamebox net] 
Sent: Thursday, January 05, 2006 4:53 AM
To: security-basics () securityfocus com
Subject: Designing Network Security

Hello List,

         How does one go about designing Network Security.
We need to redesign the network and the focus will be on 
protecting the network from external attacks as well as from 
malicious internal users. Working on the policies.
Have to concentrate on protecting the IP also since we are a 
R&D center.
Can some direct me to good online resources in the vast sea available.

Warm Regards
Kaushik




--
This message has been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.


--------------------------------------------------------------
-------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting 
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business 
Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------
--------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------

Current thread:

Designing Network Security Kaushik (Jan 05)
- RE: Designing Network Security David Gillett (Jan 06)
- <Possible follow-ups>
- RE: Designing Network Security Ray Sawyer (Jan 06)
- Re: RE: Designing Network Security kaushik (Jan 09)
- RE: Designing Network Security Thomas F. Szabo (Jan 09)
- RE: Designing Network Security Bénoni MARTIN (Jan 11)