INFO1200 - PowerPoint PPT Presentation

Description: Securing Perimeter Network with VLANs & Routers using ACLs ... For perimeter networks top down design must put equal emphasis on designing for ... – PowerPoint PPT presentation

Slides: 30
Provided by: conest

Transcript and Presenter's Notes

1
INFO1200 Hardening the Infrastructure
  • Perimeter Network Design
  • Design Principles
  • Designing an Internet Access Network
  • Designing Internet Application Networks
  • Designing VPN Remote Access Termination Networks

2
  • Design Principles
  • Overview
  • Selecting & Deploying Firewalls
  • Placing Firewalls for Maximum Effect
  • Determining the Right Type of Firewall for the
    Perimeter Network
  • Including IDSs & IPSs in Your Design
  • Creating Network Segments
  • Securing the Perimeter Network with VLANs & Routers
    using ACLs
  • Segmenting using DMZ Networks & Service Networks

3
  • Overview
  • - Network design is usually a top-down design
    with a three-step approach:
  • 1. collect information to determine the
    requirements for capacity, functionality,
    performance, availability, scalability,
    affordability, manageability & security
  • 2. create a logical network design that
    encompasses the needs of the applications or
    users
  • 3. create a physical network design that includes
    the real network devices
  • - For perimeter networks, top-down design must put
    equal emphasis on designing for security &
    application requirements

4
  • Selecting & Deploying Firewalls
  • - meant to be points of control between two
    network security zones through which all network
    traffic must flow
  • - two main functions
  • enforcing security policies, i.e. deciding
    whether to allow network connections
  • logging connections, so traffic patterns are
    available for forensic analysis
  • - firewalls alone do not provide complete network
    protection; they must be implemented in
    conjunction with IDSs & IPSs

5
  • Placing Firewalls for Maximum Effect
  • - a good implementation is designed to keep out all
    network traffic that is not specifically allowed
    (default deny)
  • - firewalls in the perimeter network are
    responsible for maintaining security policies at
    all points of access
  • - should be placed at any access point to the
    perimeter network as well as between any network
    segments within the perimeter network
  • - multiple firewalls or multiple-interface
    firewalls should be used to create different
    security zones for different types of traffic
    requiring different security policies, e.g. a
    public zone segmented from higher-security
    zones like the management network

7
  • Determining the Right Type of Firewall for the
    Perimeter Network
  • - firewalls are classified by
  • 1. the method they use to enforce security;
    choices are:
    - packet-filtering firewalls (including stateful
      firewalls)
    - proxy-based firewalls
    - circuit-level gateway firewalls
  • 2. how they handle network traffic; choices are:
    - routing firewalls (layer 3, each interface in
      its own subnet)
    - bridging-mode firewalls (transparent, layer 2)
  • 3. the physical configuration of the device;
    choices are:
    - server-based firewalls (software on a
      general-purpose OS)
    - firewall appliances (dedicated hardware)

8
  • Including IDSs & IPSs in Your Design
  • - two main detection methods used by IDSs & IPSs
  • knowledge-based (signature-based) system compares
    network traffic to known attack or intrusion
    signatures
  • behaviour-based (anomaly-based) system examines
    traffic patterns and compares them with
    historical trends
  • - optimal location for an IDS/IPS depends on its
    features & functions
  • passive IDS should be behind the perimeter
    firewall, closest to the data to be protected
  • IPS capable of stopping DoS and DDoS attacks
    should be placed on the perimeter network between
    the perimeter router & perimeter firewall
  • IPS capable of quickly matching traffic patterns
    should be deployed inline to all network traffic
    right behind the perimeter firewalls
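As an added example (not part of the slide deck or its textbook), the two detection methods on this slide implemented over a constructed window of connection records: a knowledge-based engine that matches request payloads against a small signature list, and a behaviour-based engine that flags any source whose connection rate exceeds a historical baseline by three standard deviations. The signatures, baseline rates, addresses and records are all made up for the illustration. Each engine misses what the other catches: the signature engine ignores the port scan because no pattern matches it, and the behaviour engine ignores the single path-traversal probe because one request does not move the source's rate.

```python
"""Knowledge-based vs behaviour-based intrusion detection over constructed traffic.

Added example for the INFO1200 slide on IDSs/IPSs; the signatures, baseline,
addresses and connection records below are all constructed for illustration.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Conn:
    ts: int          # seconds since the start of the observation window
    src: str
    dst: str
    dport: int
    payload: bytes   # first bytes of the client request, if any


# Knowledge-based detection: known attack patterns, keyed by destination port.
SIGNATURES = {
    "http-path-traversal": (80, b"../.."),
    "sql-union-probe": (80, b"UNION SELECT"),
    "smtp-vrfy-probe": (25, b"VRFY "),
}


def signature_alerts(conns):
    """Return (signature name, record) for every record matching a known pattern."""
    hits = []
    for c in conns:
        for name, (port, pattern) in SIGNATURES.items():
            if c.dport == port and pattern in c.payload:
                hits.append((name, c))
    return hits


# Behaviour-based detection: compare current activity with historical trends.
def per_source_rate(conns, window_s):
    """Connections per second from each source over a window of window_s seconds."""
    counts = {}
    for c in conns:
        counts[c.src] = counts.get(c.src, 0) + 1
    return {src: n / window_s for src, n in counts.items()}


def behaviour_alerts(conns, window_s, baseline_rates, k=3.0):
    """Flag sources whose rate exceeds the baseline mean by more than k standard deviations.

    baseline_rates: historical per-source connection rates (conns/s) that define "normal".
    """
    threshold = mean(baseline_rates) + k * pstdev(baseline_rates)
    return [(src, rate) for src, rate in per_source_rate(conns, window_s).items()
            if rate > threshold]


# Constructed history and sample window.
BASELINE_RATES = [0.10, 0.20, 0.15, 0.12, 0.18, 0.10, 0.20, 0.14]  # conns/s per source, past windows
WINDOW_S = 60


def sample_window():
    """One constructed 60 s window: a normal client with one traversal probe, plus a port scanner."""
    conns = [
        Conn(1, "198.51.100.7", "203.0.113.10", 80, b"GET /index.html HTTP/1.1"),
        Conn(5, "198.51.100.7", "203.0.113.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
        Conn(9, "198.51.100.7", "203.0.113.11", 25, b"EHLO example.net"),
    ]
    # Scanner: two connections per second to sequential ports, no payload, no known signature.
    conns += [Conn(t // 2, "192.0.2.33", "203.0.113.10", 1000 + t, b"") for t in range(120)]
    return conns


if __name__ == "__main__":
    window = sample_window()
    for name, c in signature_alerts(window):
        print(f"signature  {name}: {c.src} -> {c.dst}:{c.dport} {c.payload!r}")
    for src, rate in behaviour_alerts(window, WINDOW_S, BASELINE_RATES):
        print(f"behaviour  {src}: {rate:.2f} conns/s against baseline ~{mean(BASELINE_RATES):.2f}")
```

The baseline is the part a real deployment has to maintain: the behaviour engine is only as good as the history it compares against, and the k factor trades missed scans for false alarms. The signature engine needs no history but cannot see an attack it has no pattern for, which is why the slide pairs the two.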

9
  • Creating Network Segments
  • - used to separate the perimeter network into
    separate networks based on content & use
  • - enables network security devices to be
    implemented at the boundaries between network
    segments, allowing more control over network
    traffic
  • - methods used to segment the perimeter network
    include VLANs & routers with access control lists
    (ACLs)
  • - ways to separate the perimeter network
    architecture include
  • - segmenting the network based on the function
    and location of resources within each segment,
    e.g. a DMZ with web & mail servers
  • - segmenting the network based on the services
    the resources within each segment provide
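As an added example (not from the slides or their textbook), a zone-based perimeter policy modelled as an ordered access control list with an implicit deny, tying together the points on slides 4, 5 and 9: each VLAN/subnet is a security zone, rules are evaluated first-match, anything not specifically permitted is dropped, and every denied flow is logged so traffic patterns are available for forensic analysis. The zone names, addresses and rules are constructed for the illustration; a real deployment expresses the same policy in the firewall's or router's own ACL syntax.

```python
"""Zone-based perimeter policy as an ordered ACL with an implicit deny.

Added example for the INFO1200 slides on firewalls and network segments; the
zones, addresses and rules are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address

# Constructed addressing: one VLAN/subnet per security zone on the firewall.
ZONES = {
    "internet": IPv4Network("0.0.0.0/0"),       # catch-all; every other zone is more specific
    "dmz": IPv4Network("203.0.113.0/24"),       # public-facing web and mail servers
    "internal": IPv4Network("10.10.0.0/16"),    # users and application servers
    "management": IPv4Network("10.99.0.0/24"),  # device management network
}


def zone_of(addr: str) -> str:
    """Map an address to the most specific (longest-prefix) zone containing it."""
    ip = ip_address(addr)
    candidates = [name for name, net in ZONES.items() if ip in net]
    # An address in no zone (e.g. IPv6 here) gets a name no rule uses, so it is denied.
    return max(candidates, key=lambda name: ZONES[name].prefixlen, default="unknown")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # 0 for icmp


@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    src_zone: str
    dst_zone: str
    proto: str = "any"
    dports: frozenset = frozenset()   # empty means any port

    def matches(self, f: Flow) -> bool:
        return (zone_of(f.src) == self.src_zone
                and zone_of(f.dst) == self.dst_zone
                and self.proto in ("any", f.proto)
                and (not self.dports or f.dport in self.dports))


# Ordered ruleset, first match wins. There is deliberately no trailing permit:
# anything not listed falls through to the implicit deny at the end of evaluate().
POLICY = [
    Rule("permit", "internet", "dmz", "tcp", frozenset({80, 443})),       # public web
    Rule("permit", "internet", "dmz", "tcp", frozenset({25})),            # inbound mail
    Rule("permit", "dmz", "internal", "tcp", frozenset({5432})),          # web tier to its database only
    Rule("deny", "dmz", "management"),                                    # explicit, so a DMZ host probing management logs by name
    Rule("permit", "management", "dmz", "tcp", frozenset({22})),          # admins reach DMZ hosts
    Rule("permit", "internal", "internet", "tcp", frozenset({80, 443})),  # outbound browsing
]

DENY_LOG: list = []   # what the firewall would ship to a log collector


def evaluate(f: Flow, policy=POLICY) -> tuple:
    """Return (action, matched rule description); denied flows are appended to DENY_LOG."""
    for i, rule in enumerate(policy):
        if rule.matches(f):
            desc = f"rule {i} {rule.src_zone}->{rule.dst_zone}"
            if rule.action == "deny":
                DENY_LOG.append(f"DENY {f.src}->{f.dst} {f.proto}/{f.dport} {desc}")
            return rule.action, desc
    DENY_LOG.append(f"DENY {f.src}->{f.dst} {f.proto}/{f.dport} implicit-deny")
    return "deny", "implicit deny"


if __name__ == "__main__":
    # Constructed flows against the policy; 198.51.100.7 plays an Internet client.
    for flow in [
        Flow("198.51.100.7", "203.0.113.10", "tcp", 443),   # Internet -> DMZ web: permit
        Flow("198.51.100.7", "10.10.5.20", "tcp", 443),     # Internet -> internal: not listed, implicit deny
        Flow("203.0.113.10", "10.10.5.20", "tcp", 5432),    # DMZ -> internal DB: permit
        Flow("203.0.113.10", "10.10.5.20", "tcp", 22),      # DMZ -> internal SSH: implicit deny
        Flow("203.0.113.10", "10.99.0.5", "tcp", 22),       # DMZ -> management: explicit deny
        Flow("10.99.0.5", "203.0.113.10", "tcp", 22),       # management -> DMZ SSH: permit
    ]:
        print(flow, "=>", evaluate(flow))
    print("\n".join(DENY_LOG))
```

The evaluator decides on connection initiation only. Return traffic for a permitted connection is admitted from the firewall's connection table rather than by a second rule in the opposite direction, which is the difference between the stateful packet filter on slide 7 and a plain packet filter that would need explicit (and much wider) reverse rules.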

10
  • Designing an Internet Access Network
  • Considerations when Designing an Internet Access
    Network
  • Designing Logical & Physical Networks

11
  • Considerations when Designing an Internet Access
    Network
  • - based on top-down network design: first collect
    requirements
  • - requirements generally broken down into two
    types, business & technical
  • - results are displayed in Table 10.1 of textbook

14
  • Logical & Physical Network Design for Internet
    Access Network
  • - Logical design is displayed in Figure 10.2 in
    textbook
  • - Physical design is displayed in Figure 10.3 in
    textbook

17
  • Designing Internet Application Networks
  • Considerations when Designing Internet
    Application Networks
  • Logical & Physical Network Design

18
  • Considerations when Designing Internet
    Application Networks
  • - similar top-down network design approach
    required as for Internet Access Network
  • - results are displayed in Table 10.2 of textbook

20
  • Logical & Physical Network Design for Internet
    Application Network
  • - Logical design is displayed in Figure 10.4 in
    textbook
  • - Physical design is displayed in Figure 10.5 in
    textbook

23
  • Designing VPN Remote Access Termination
    Networks
  • Considerations when Designing VPN Remote Access
    Termination Networks
  • Logical & Physical Network Design

24
  • Considerations when Designing VPN Remote Access
    Termination Networks
  • - similar top-down network design approach
    required as for the Internet Access Network &
    Internet Application Network
  • - results are displayed in Table 10.3 of textbook

26
  • Logical & Physical Network Design for VPN
    Remote Access Termination Network
  • - Logical design is displayed in Figure 10.6 in
    textbook
  • - Physical design is displayed in Figure 10.7 in
    textbook
