Basic Network Design

Agenda

Network Design

Review Basic Network Design Considerations
Examine Typical Network Designs
Discuss Wireless Network Designs

Wireless Network Security

Data Security

Reminders:
Data Security is Critical
Data Security Policy is Critical
Network Security is Only a Part of the Information Security Program
See Also: TrueCrypt, PGP Desktop, Microsoft EFS, Microsoft BitLocker, AxCrypt, Credent Mobile Guardian, etc.
There is a trend in the industry to focus much more heavily on Data

Basic Network Design

Network Security Architectures (Cisco Press), Sean Convery
Numerous Design Examples
Note: Wireless LANs p424-441
Threat Analysis and Policy Driven Designs
Special Considerations for Deployment
Types: Applications, Identity Management, VPNs, VOIP, Wireless, Etc.
Small, Medium, and Large Networks

Design Considerations

Business Goals
Security Requirements
Size of the Organization
Available Staff
Budget
Industry Standards Best Practice

Design Considerations

Network Devices
Security Devices
Application Usage
Identity Management
Network Topology
Security Zones
Infrastructure, Power/Wiring/Cooling
Redundancy and High Availability

Security System Design

Sean's Ten Steps to Designing Security Systems, p467

Review Security Policy
Analyze Current Network
Select and Evaluate Products
Design a Rough Draft
Evaluate/Revise Design
Finalize Design
Reevaluate
Implement 1st Phase
Implement Remaining Phases
Test Components

Simple Firewall Designs

Router with ACLs, No Firewall
Firewall Single Segment
Firewall Unprotected DMZ
Firewall With DMZ Segment

Router With ACLs

Firewall, Single Segment

Firewall, Unprotected DMZ

Firewall, DMZ Segment

Note: switches not shown to improve readability

VPN and IDS/IPS Designs

VPN and IDS Designs
Firewall Location Issues
Security Perimeter Issues
IPS Is More Like a Firewall Than an IDS

VPN and Firewall

IDS and Firewall

Wireless Designs

Wireless LANs p424-441
Access Point Configuration
Rogue APs
Radio Issues
802.1X, 802.11i, SSL/TLS, IPsec
Differentiated Group VLANs
Tend to be Proprietary
Match each SSID to a VLAN
More on All of the Above Later

Wireless Authentication Gateway

Wireless Guest

Wireless Multi-VLAN

Enterprise Designs

Things can Get Complex Very Quickly
How Large Is Your Enterprise
What Kind of Design Is Manageable

Enterprise Design
