HOW TO DESIGN THE RIGHT NETWORK

 

The process of redesigning a network is often confused with hardening a network. A network redesign happens when structural changes affect the flow of information. An example is separating a network into smaller, independent networks. Most network threats come from the inside. A user in one department often exploits knowledge of the network and the business to launch attacks on other parts of the network. Splitting (segmenting) the network is one technique used to minimize these threats. It prevents users from accessing machines in unrelated business units. At most, they will only be able to access the systems within their own unit.

The best way to deal with internal threats is awareness. An employee who is attacking the network probably has other work-related problems. His manager and co-workers are in a good position to spot such issues. By limiting the threat to a single business unit, accountability is placed directly in the hands of those affected.


An ideally designed network would be incredibly difficult to attack from either the inside or the outside. But ideal designs are not practical. Their restrictions create far too much inconvenience for the average business.

The practical needs of business often require making compromises in network design, balancing functionality against security. Consequently, most real networks contain insecurities, even those designed with security in mind from the start. Common vulnerabilities include services that don't need to run and systems that can be exploited because of hardware or software flaws. An ideal network would never interact with untrusted systems. In the real business world, that's not practical because people often need to:


• Access external untrusted resources from within the network.
• Access internal resources from machines on external untrusted networks.
• Exchange information quickly and readily within the organization.

This functionality comes at the cost of weakened security. Uncontrollable and untrusted elements will have pathways into the network. Internal threats may have greater potential for damage.

Network hardening technologies compensate for these and other common design compromises (try saying that three times quickly). They can do the following:

• Provide a central choke point where both internal access to the outside and external access to the inside can be controlled (firewalls).
• Restrict access based on per-user authentication (proxies).
• Prioritize the use of shared network resources (traffic shaping).
• Keep data secure when it travels across insecure networks (virtual private networks [VPNs]).
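The segmentation idea described earlier and the firewall choke point listed above can be modelled together as a small default-deny policy. The following is an added example, not part of the original text; the segment names, address ranges and rules are constructed for illustration, and anything outside the known ranges is treated as untrusted.

```python
"""Added example (not from the original text): a minimal model of a
segmented network behind a central choke point.  Segment names, address
ranges and the rule set are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments: each business unit gets its own address range.
SEGMENTS = {
    "finance": ipaddress.ip_network("10.1.0.0/24"),
    "engineering": ipaddress.ip_network("10.2.0.0/24"),
    "dmz": ipaddress.ip_network("10.9.0.0/24"),  # externally reachable services only
}

@dataclass(frozen=True)
class Rule:
    src: str             # segment name, or "external" for anything untrusted
    dst: str
    port: Optional[int]  # None means any port
    action: str          # "allow" or "deny"

# Constructed choke-point policy: first match wins, anything unmatched is denied.
RULES = [
    Rule("finance", "finance", None, "allow"),         # traffic stays inside the unit
    Rule("engineering", "engineering", None, "allow"),
    Rule("external", "dmz", 443, "allow"),             # outside may reach the DMZ web tier only
    Rule("finance", "external", 443, "allow"),         # outbound web access from inside
    Rule("engineering", "external", 443, "allow"),
]

def segment_of(addr: str) -> str:
    """Map an address to its segment; unknown ranges are treated as untrusted."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def evaluate(src_ip: str, dst_ip: str, port: int) -> str:
    """Decide a flow at the choke point: first matching rule, else default deny."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    for r in RULES:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.action
    return "deny"  # no rule matched: the choke point drops the flow

if __name__ == "__main__":
    # A finance workstation cannot reach an engineering host: segmentation holds.
    print(evaluate("10.1.0.25", "10.2.0.10", 22))    # deny
    print(evaluate("10.1.0.25", "10.1.0.40", 445))   # allow (same unit)
    print(evaluate("203.0.113.7", "10.9.0.5", 443))  # allow (external to DMZ web)
    print(evaluate("203.0.113.7", "10.1.0.25", 443)) # deny (external to internal)
```

Because the policy is default deny, a business unit only gains reachability that a rule explicitly grants, which is what keeps an internal attacker confined to their own segment.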