Designing a Secure LAN

  • Published : April 15, 2012

SANS Institute InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.


Copyright SANS Institute Author Retains Full Rights


Designing a Secure Local Area Network
Daniel Oxenhandler
GSEC – ver. 1.4b

Introduction

In order to design and build a well-secured network, many factors must be taken into consideration, such as the topology and placement of hosts within the network, the selection of hardware and software technologies, and the careful configuration of each component. My paper will be an examination of some of the issues in designing a secure Local Area Network (LAN) and some of the best practices suggested by security experts. I will discuss securing a LAN from the viewpoint of the network architect, considering three main areas: the network topology, which comprises the physical and logical design of the network; securing the routers and switches which connect segments and hosts to form the network; and, finally, some of the emerging and advanced techniques in network security.

Initial Assumptions and Challenges

My goal is to examine some of the security issues commonly found in the small to medium sized LAN set up for a business or other institution, and to identify some of the best practices from the perspective of the network designer. While no two networks are exactly alike, some of the typical challenges faced by the network designer include the following:

• Securing the network from Internet-launched attacks
• Securing Internet-facing web, DNS and mail servers
• Containing damage from compromised systems, and preventing internally launched attacks
• Securing sensitive and mission critical internal resources such as financial records, customer databases, trade secrets, etc.
• Building a framework for administrators to securely manage the network
• Providing systems for logging and intrusion detection

Before beginning the design process, a security policy should be put in place, or updated to accurately reflect the goals of the company. Additionally, a realistic assessment of the risks faced, and identification of the resources (manpower, hardware, budget) that are available, should be made. Once the organization's security policy and the available resources have been identified, the design process can begin.

I have made the following assumptions for the sake of this discussion: we wish to secure a small to medium sized (under 500 hosts) TCP/IP based LAN which is connected to the Internet via broadband or other high speed connection. We have a need for a reasonable amount of security because of mission critical records or proprietary information, but we are not guarding nuclear secrets or Fort Knox. Lastly, we will assume that we have adequate human resources and budget dollars to acquire and configure an optimum set of network technology. I will attempt to identify practices and technologies which can be tailored and applied appropriately to the...

© SANS Institute 2003, As part of the Information Security Reading Room. Author retains full rights.