NETWORK DESIGN CONSIDERATION
Presented by,
M.Lavanya
M.Sc (cs & it)
Nadar Saraswathi College of arts & science,
Theni.
INTRODUCTION TO SECURE NETWORK DESIGN
• All information systems create risk for an organization, and whether the
level of risk introduced is acceptable is a business decision.
• Controls such as firewalls, resource isolation, hardened system
configurations, authentication and access control systems, and encryption
can be used to help reduce identified risks to acceptable levels.
Acceptable Risk:
• The acceptable level of risk depends on the individual organization and its
ability to tolerate risk.
• An organization that is risk averse will ultimately accept lower levels of
risk and require more security controls in deployed systems.
• Management's risk tolerance is expressed through the policies, procedures
and guidelines issued to staff.
• Thus the design and configuration of the infrastructure becomes the
enforcement of those documents.
• Management's policies and security requirements can also be influenced by
external sources, such as government regulation and consumer pressure.
• For example, health-care organizations and other companies that handle
medical information must develop information technology (IT) systems.
Designing Security into a Network:
• Security added on top of an existing network can be expensive and difficult
to implement properly.
• Separating assets of differing trust and security requirements should be an
integral part of the design phase.
• Aggregating assets that have similar security requirements on dedicated
subsets allows an organization to use a small number of network security
devices, such as firewalls and intrusion-detection systems, to secure and
monitor multiple application systems.
• Other influences include budgets, availability requirements, network size
and scope, future growth expectations, capacity requirements and
management's tolerance of risk.
Network Design Models:
• A large number of entrances and exits makes any attempt to control access
to a shopping mall expensive and difficult.
• Screening mechanisms would be required at each door to identify and
block unwanted visitors.
• Networks built with many connections to other networks will be inherently
harder to secure because of the number of access control mechanisms that
must be implemented and maintained.
Designing an Appropriate Network:
• Network design must provide the ability to grow and support future
network requirements.
• Common sources of such information include project stakeholders,
applications, system owners, developers, management and users.
• Adequately understanding these elements will ensure that project goals are
met and that appropriate network performance and security controls are
included in the design.
The Cost of Security:
• Security control mechanisms have expenses associated with their purchase,
deployment and maintenance, and implementing these systems in a redundant
fashion can increase costs significantly.
• Choosing appropriate redundancy and security controls for a system or
network involves creating a number of negative scenarios in which a
security breach occurs.
• For example, spending $200,000 to upgrade a trading system to 99.999
percent availability may seem expensive on the surface, but it is a trivial
expense compared with $250,000 per hour of outage.
PERFORMANCE
• Networks are getting faster and faster, evolving from 10 megabit to 100
megabit to gigabit speeds.
• The bandwidth requirements projected for two or three years in the future
should be considered; otherwise expensive replacements or upgrades may be
required.
• Some applications and networks have a low tolerance for latency, such as
those supporting video and voice streaming.
• The Cisco Hierarchical Internetworking model is an extremely common
design implemented in large-scale networks today. This model is derived
from the Public Switched Telephone Network (PSTN) model.
Cisco Hierarchical Internetworking model
[Figure: core layer, distribution layers and access layers; networks shown:
Users, Accounting, Internet, Server network, Human Resources, Manufacturing]
The three main layers are commonly referred to as the core, distribution and
access layers.
• Core layer: Forms the network backbone and is focused on moving data as
fast as possible between distribution layers. It should not be used to perform
CPU-intensive operations such as filtering, compressing, encrypting or
translating network addresses for traffic.
• Distribution layer: Sits between the core and access layers. This layer is
used to aggregate access layer traffic for transmission into and out of the
core.
• Access layer: Composed of the user networking connections.
AVAILABILITY
• Network availability requires that systems are resilient and available to
users on a timely basis.
• The opposite of availability is denial of service: users cannot access the
resources they need on a timely basis.
• Unavailable systems cost real dollars in lost revenue and employee
productivity, as well as negative publicity.
• The best practice for availability is to avoid single points of failure within
the architecture. A fully redundant solution can be extremely expensive to
deploy and maintain.
• Examples of other firewall failover mechanisms include the Cisco PIX
Firewall. The backup firewall uses a heartbeat to monitor the status of the
primary firewall.
• Routers can also be deployed in high availability configurations. Cisco
routers use a proprietary protocol called Hot Standby Routing Protocol (HSRP)
to enable a secondary router.
• A true high availability design will incorporate redundant hardware
components at the switch, network, firewall, and application levels.
SECURITY
• Each node on a network performs a different function and contains data
with differing security requirements.
• Some devices contain highly sensitive information that could damage an
organization if disclosed to unauthorized individuals.
• When designing and implementing security in network and system
architectures, it is helpful to identify critical security controls.
• For example, firewalls protect hosts by limiting what services users can
connect to on a given system.
• Firewalls can allow different sets of users selective access to different
services, such as allowing system administrators to access administrative
services while preventing non-administrative users from accessing those
same services.
• For example, a firewall must allow connections to various authorized
services in order for an organization to send and receive email.
• The network perimeter consists of all the outermost points of the internal
network. Each connection to another network, whether to an internal or
external third party, creates an entry point in the perimeter that must be
secured.
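The selective-access idea in the Security section, as an added example that is not part of the original slides: a first-match rule table with default deny, plus a check for perimeter openings that are wider than a single host. The subnets, the mail relay address and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str    # permitted source network (CIDR)
    dst: str    # permitted destination network (CIDR)
    port: int   # permitted destination TCP port
    note: str

# Constructed addressing plan (an assumption, not taken from the slides).
ANY = "0.0.0.0/0"
ADMIN_NET, USER_NET, SERVER_NET = "10.0.10.0/24", "10.0.20.0/24", "10.0.30.0/24"
MAIL_RELAY = "10.0.30.25/32"

POLICY = [
    Rule(ADMIN_NET, SERVER_NET, 22, "administrators manage servers over SSH"),
    Rule(USER_NET, SERVER_NET, 443, "users reach the web application"),
    Rule(ANY, MAIL_RELAY, 25, "inbound email to the relay only"),
    Rule(MAIL_RELAY, ANY, 25, "outbound email from the relay only"),
]

def decide(policy, src_ip, dst_ip, port):
    """Return ("allow", note) for the first matching rule, else default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in policy:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and port == rule.port):
            return "allow", rule.note
    return "deny", "no rule matched"

def broad_entry_points(policy):
    """Rules that let any source reach more than one host: perimeter
    openings that deserve review before deployment."""
    return [r for r in policy
            if r.src == ANY and ipaddress.ip_network(r.dst).prefixlen < 32]

if __name__ == "__main__":
    for flow in [("10.0.10.5", "10.0.30.8", 22), ("10.0.20.5", "10.0.30.8", 22),
                 ("203.0.113.9", "10.0.30.25", 25), ("203.0.113.9", "10.0.30.8", 443)]:
        print(flow, decide(POLICY, *flow))
    print(broad_entry_points(POLICY + [Rule(ANY, SERVER_NET, 22, "too wide")]))
```

Because the table ends in default deny, every service that must cross the firewall, email included, has to appear as an explicit rule.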