
Slides - Ch. 10


  1. INFO1200 – Hardening the Infrastructure
     - Perimeter Network Design
       - Design Principles
       - Designing an Internet Access Network
       - Designing Internet Application Networks
       - Designing VPN & Remote Access Termination Networks
  2. INFO1200 – Hardening the Infrastructure
     - Design Principles
       - Overview
       - Selecting & Deploying Firewalls
         - Placing Firewalls for Maximum Effect
         - Determining Right Type of Firewall for Perimeter Design
       - Including IDSs & IPSs in Your Design
       - Creating Network Segments
         - Securing Perimeter Network with VLANs & Routers using ACLs
         - Segmenting using DMZ Networks & Service Networks
  3. INFO1200 – Hardening the Infrastructure
     - Overview
       - Network design is usually a top-down design
         - three-step approach
           - collect info to allow determination of requirements for capacity, functionality, performance, availability, scalability, affordability, manageability & security
           - create logical network design to encompass needs of app or users
           - create physical network design to include real network devices
       - For perimeter networks, top-down design must put equal emphasis on designing for security & application requirements
  4. INFO1200 – Hardening the Infrastructure
     - Selecting & Deploying Firewalls
       - meant to be points of control between 2 network security zones through which all network traffic must flow
       - two main functions
         - enforcing security policies – i.e. decide whether to allow network connections
         - logging – to determine traffic patterns & for forensic analysis
       - firewalls alone do not provide complete network protection – must be implemented in conjunction with IDSs & IPSs
  5. INFO1200 – Hardening the Infrastructure
     - Placing Firewalls for Maximum Effect
       - good implementation is designed to keep out all network traffic that is not specifically allowed
       - firewalls in perimeter network responsible for maintaining security policies at all points of access
       - should be placed at any access point to perimeter network as well as between any network segments within perimeter network
       - multiple firewalls or multiple-interface firewalls should be used to create different security zones for different types of traffic requiring different security policies – i.e. public zone segmented from higher level security zones like management network
  6. INFO1200 – Hardening the Infrastructure
  7. INFO1200 – Hardening the Infrastructure
     - Determining Right Type of Firewall for Perimeter Network
       - firewalls classified by
         - 1. methods they use to enforce security
           - choices are:
             - packet-filtering (including stateful firewalls)
             - proxy-based firewalls
             - circuit gateway firewalls
         - 2. how they handle network traffic
           - choices are:
             - routing firewalls
             - bridging mode firewalls
         - 3. the physical configuration of device
           - choices are:
             - server-based firewalls
             - firewall appliances
  8. INFO1200 – Hardening the Infrastructure
     - Including IDSs & IPSs in Your Design
       - Two main systems for IDSs & IPSs to detect intrusions
         - knowledge-based system – compares network traffic to known attack or intrusion signatures
         - behaviour-based system – examines traffic patterns and compares them with historical trends
       - optimal location for IDS/IPS depends on its features & functions
         - passive IDS should be behind perimeter firewall closest to data to be protected
         - IPS capable of stopping DoS and DDoS attacks should be placed on perimeter network between perimeter router & perimeter firewall
         - IPS capable of quickly matching traffic patterns should be deployed inline to all network traffic right behind perimeter firewalls
  9. INFO1200 – Hardening the Infrastructure
     - Creating Network Segments
       - used to separate perimeter network into separate networks based on content & use
       - enables network security devices to be implemented at boundaries between network segments, allowing more control over network traffic
       - methods used to segment perimeter network include:
         - VLANs & Routers with Access Control Lists
       - ways to separate perimeter network architecture include:
         - segmenting network based on function and location of resources within each segment – i.e. DMZ with web, mail servers
         - segmenting network based on services resources within each segment provide
  10. INFO1200 – Hardening the Infrastructure
     - Designing an Internet Access Network
       - Considerations when Designing Internet Access Network
       - Designing Logical & Physical Networks
  11. INFO1200 – Hardening the Infrastructure
     - Considerations when Designing Internet Access Network
       - based on top-down network design – 1st collect requirements
       - requirements generally broken down into two types – business & technical
       - results are displayed in Table 10.1 of textbook
  12. INFO1200 – Hardening the Infrastructure
  13. INFO1200 – Hardening the Infrastructure
  14. INFO1200 – Hardening the Infrastructure
     - Logical & Physical Network Design for Internet Access Network
       - Logical design is displayed in Figure 10.2 in textbook
       - Physical design is displayed in Figure 10.3 in textbook
  15. INFO1200 – Hardening the Infrastructure
  16. INFO1200 – Hardening the Infrastructure
  17. INFO1200 – Hardening the Infrastructure
     - Designing Internet Application Networks
       - Considerations when Designing Internet Application Networks
       - Logical & Physical Network Design
  18. INFO1200 – Hardening the Infrastructure
     - Considerations when Designing Internet Application Networks
       - similar top-down network design approach required as for Internet Access Network
       - results are displayed in Table 10.2 of textbook
  19. INFO1200 – Hardening the Infrastructure
  20. INFO1200 – Hardening the Infrastructure
     - Logical & Physical Network Design for Internet Application Network
       - Logical design is displayed in Figure 10.4 in textbook
       - Physical design is displayed in Figure 10.5 in textbook
  21. INFO1200 – Hardening the Infrastructure
  22. INFO1200 – Hardening the Infrastructure
  23. INFO1200 – Hardening the Infrastructure
     - Designing VPN & Remote Access Termination Networks
       - Considerations when Designing VPN & Remote Access Termination Networks
       - Logical & Physical Network Design
  24. INFO1200 – Hardening the Infrastructure
     - Considerations when Designing VPN & Remote Access Termination Networks
       - similar top-down network design approach required as for Internet Access Network & Internet Application Network
       - results are displayed in Table 10.3 of textbook
  25. INFO1200 – Hardening the Infrastructure
  26. INFO1200 – Hardening the Infrastructure
     - Logical & Physical Network Design for VPN & Remote Access Termination Network
       - Logical design is displayed in Figure 10.6 in textbook
       - Physical design is displayed in Figure 10.7 in textbook
  27. INFO1200 – Hardening the Infrastructure
  28. INFO1200 – Hardening the Infrastructure
  29. INFO1200 – Hardening the Infrastructure
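
The firewall points from the "Selecting & Deploying Firewalls" and "Placing Firewalls for Maximum Effect" slides (deny anything not specifically allowed, log every decision, keep the public zone away from the management network), as an added example that is not part of the original slides or the textbook. It is a stateless Python model of a three-interface firewall; the zone names, address ranges and allow list are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed zones (documentation and private ranges); "public" is the catch-all.
ZONES = {
    "public": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "management": ipaddress.ip_network("10.99.0.0/24"),
}

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    proto: str
    port: int

# Explicit allow list. There is no "deny" rule: anything absent is dropped.
ALLOW = [
    Rule("public", "dmz", "tcp", 443),      # web server in the DMZ
    Rule("public", "dmz", "tcp", 25),       # mail server in the DMZ
    Rule("management", "dmz", "tcp", 22),   # admins reach DMZ hosts
]

def zone_of(addr: str) -> str:
    """Return the most specific zone containing addr (longest prefix wins)."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if ip in net]
    return max(matches)[1]

def evaluate(src: str, dst: str, proto: str, port: int, log: list) -> str:
    """Policy enforcement plus logging: record every decision, allowed or not."""
    flow = Rule(zone_of(src), zone_of(dst), proto, port)
    verdict = "allow" if flow in ALLOW else "deny"   # implicit default deny
    log.append({"src": src, "dst": dst, "proto": proto, "port": port,
                "zones": f"{flow.src_zone}->{flow.dst_zone}", "verdict": verdict})
    return verdict

def audit(rules: list) -> list:
    """Design check: no other zone may initiate traffic into management."""
    return [r for r in rules
            if r.dst_zone == "management" and r.src_zone != "management"]

def demo() -> list:
    """Run four constructed flows and return the decision log."""
    log = []
    evaluate("203.0.113.7", "192.0.2.10", "tcp", 443, log)  # public -> dmz web
    evaluate("203.0.113.7", "10.99.0.5", "tcp", 22, log)    # public -> management
    evaluate("10.99.0.5", "192.0.2.10", "tcp", 22, log)     # management -> dmz
    evaluate("192.0.2.10", "10.99.0.5", "tcp", 22, log)     # dmz -> management
    return log
```

A real stateful firewall would also track connections so that replies to allowed flows are permitted; this model evaluates each flow by its initiating direction only.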