Generally, the ultimate goal of implementing security on a network is achieved by following a series of steps, each aimed at clarifying the relationship between the attacks and the measures that protect against them.
Step 1. Identify what you are trying to protect.
Step 2. Determine what you are trying to protect it from.
Step 3. Determine how likely the threats are.
Step 4. Implement measures that protect your assets in a cost-effective manner.
Step 5. Review the process continuously, and make improvements each time you find a weakness.
Network Security Architecture Implementation
As soon as the security policy has been defined, the next step is implementing the policy in the form of a network security design. We will discuss various security principles and design issues throughout this book. The first step to take after a security policy has been created is to translate it into procedures. These procedures are typically laid out as a set of tasks that must be completed to successfully implement the policy. These procedures upon execution result in a network design that can be implemented using various devices and their associated features.
Generally, the following are the elements of a network security design:
- Device security features such as administrative passwords and SSH on the various network components
- Firewalls
- Remote-access VPN concentrators
- Intrusion detection
- Security AAA servers and related AAA services for the rest of the network
- Access-control and access-limiting mechanisms on various network devices, such as ACLs and CAR
No comments:
Post a Comment