3.9 SIGNIFICANCE OF NETWORK LAYOUT IN NETWORK SECURITY

 The network layout has much influence over the security of the network. The placement of servers with respect to the firewall and various other computers can affect both network performance and security. There may even be areas of the network which are more secure than others. Some of these areas may be further protected with an additional firewall. A typical secure network diagram is shown below in Figure 3.3:


In the above diagram, the box labeled "IDS" is an intrusion detection system which may be a computer or devised designed to log network activity and detect any suspicious activity. In this diagram, it is shown outside the firewall on the semiprivate network and protecting the servers on the private network. It may be a good idea to place IDS just inside the firewall to protect the entire private network since an attack may be first launched against a workstation before being launched against a server.

The IDS protecting the servers could be moved to protect the entire private network, but depending on cost and requirements it is also good to protect your servers, especially the mail server.

The semiprivate network is commonly called a "DMZ" (for DeMilitarized Zone) in many security circles. In this diagram, the semiprivate network contains a mail relay box to increase security since the mail server is not directly accessed. The mail relay box routes mail between the internet and the mail server.

Other network equipment used includes:

  • · Routers: Used to route traffic between physical networks. Many routers provide packet filtering using access control lists (ACLs). This can enhance network security when configured properly. Routers can be configured to drop packets for some services and also drop packets depending on the source and/or destination address. Therefore  routers can help raise the security between different segments on a network and also help isolate the spread of viruses.
  • · Switches: A switch is used to regulate traffic at the data link layer of the OSI network model. This is the layer which uses the Media Access Control (MAC) address. It is used to connect several systems to the network and regulates network traffic to reduce traffic on the network media. This can reduce collisions.
  • · Media: The physical cable that carries the signal for the network traffic.
  • · Routers can be set up to perform packet filtering to enhance network security

Comments

Post a Comment

Popular posts from this blog

3.8 SECURE NETWORK DEVICES

 In this unit, we have already learnt that the firewall is only one entry point to your network. Modems, if you allow them to answer incoming calls, can provide an easy means for an attacker to sneak around, your front door (or, firewall). Just as castlesweren't built with moats only in the front, your network needs to be protected at all of its entry points. Secure Modems, DialBack Systems If modem access is to be provided, this should be guarded carefully. The terminal server, or network device that provides dialup access to your network needs to be actively administered, and its logs need to be examined for strange behavior. Its passwords need to be strong not ones that can be guessed. Accounts that aren't actively used should be disabled. In short, it's the easiest way to get into your network from remote: guard it carefully. There are some remote access systems which have the feature of a twopart procedure to establish a connection. The first part is the remote user di...
Read more

3.5 SECURITY ISSUES FOR SMALL AND MEDIUM SIZED BUSINESSES

 Small and medium sized businesses use the Internet and networked applications to reach new customers and serve their existing ones more effectively. At the same time, new security threats and legislation puts increased pressure on business networks to be reliable and secure. Business Challenges According to recent studies, security is the biggest challenge facing small and mediumsized businesses. Everchanging security threats from both inside and outside the business network can wreak havoc on business operations, affecting profitability and customer satisfaction. Small and mediumsized businesses must also comply with new regulations and laws created to protect consumer privacy and secure electronic information. Security issues for small and medium – sized businesses are classified into 5 basic categories: Worms and Viruses As per research, Computer worms and viruses remain the most common security threat, with 75 percent of small and medium businesses affected by it.. Worms and v...
Read more

3.4 TOPOLOGIES

Image
 In computer networking, topology refers to the layout of connected devices. You can think of a topology as a structure of a network. This shape does not necessarily correspond to the actual physical layout of the devices on the network. Network Topology is the study of the arrangement or mapping of the elements (links, nodes, etc.) of a network interconnection between the nodes. It also determines the strategy for physically expanding the network, in future Topologies can be physical or logical. Physical Topology means the physical design of a network including the devices, location and cable installation. Logical Topology refers to the fact that how data actually transfers in a network as opposed to its design. Following are the considerations for choosing a Topology: · Costing: Some kind of topology may be less expensive compared to others in terms of installation (for example Bus topology). · Length of cable: It is needed to connect machines in a network. · Network scalability:...
Read more