Team LiB
Previous Section Next Section

Chapter 6. Secure Design

On completing this chapter, you will be able to

  • Explain network design principles

  • Explain network design methodology

  • Describe Return On Investment in regard to network design

  • Explain physical security issues

  • Describe the strategy of defense in depth

The goal of network security is to protect networks (including equipment, servers, content, and applications) against attacks, with the intent of ensuring data and system availability, confidentiality, and integrity. This chapter briefly covers the basics of a secure network design, taking that goal into consideration.

During the initial design phase of a network, the network architects identify the risk of attacks as well as the costs of repairing damage from attacks for all the network equipment, applications, and services. Cost-benefit analysis, Return on Investment, and Total Cost of Ownership are some of the techniques at hand for making these decisions.

As discussed in Chapter 5, "Security Policies," the roadmap for the implementation of network security and the driver behind the network security design process is the security policy. The security policy, which ideally is designed by both the network design and IT security teams, addresses security requirements and implementation guidelines. The security requirements for each process and service need to be defined before the network is divided into modules. Each module can then be treated separately and assigned a different security role.

Cisco has developed a comprehensive blueprint using this modular approach called Security Architecture for Enterprises (SAFE). The objective of SAFE is to have multiple layers of security so that intruders have limited access to certain parts of the network. This blueprint serves as a guide to network designers who are considering the security requirements of their network.

SAFE takes a defence-in-depth approach to network security design. This methodology focuses on expected threats and methods to mitigate them, resulting in a layered approach to security. With a layered approach, the failure of one security system is not likely to lead to the compromise of the network resources. More information on SAFE can be found in Appendix A, "SAFE Blueprint."

This chapter starts by delving into network design principles and methodologies so that you can gain a basic understanding of these network design concepts.

    Team LiB
    Previous Section Next Section