In today’s technological environment, many tools are easily obtained and deployed by individuals with nefarious intent. Everything from Windows- or Linux-based applications to entire operating systems and software suites is readily available for a quick download. These facts drive network administrators to use innovative means to keep attackers at bay. When designing a network, architects and administrators must make security an integral part of drafting the documentation and the physical and software requirements that go into building a secure network.
Regardless of the size of the project, a good plan should be the first step in the process. The principal question that should be asked is: What is the purpose of this network and what are the resources required to meet this purpose? This will lead to creating a project plan that will include all of the standards which will be utilized to design, implement, test, review and revise the entire process as required. Amongst those standards should be a clear, thorough and concise security policy to use during the implementation of every network asset. Physical security, software and configuration for all aspects of the network design must be addressed in the security policy.
Detailed plans for meeting the physical security requirements are paramount to creating a secure network. The physical security for critical network assets must be proportionate to the severity of the damage that a breach could cause. Integrity of construction, cypher locks, access cards, keypads, biometrics, cameras, and guards with access logs are all considerations that must be specified as appropriate for the network and the data which will be used on it. Each individual's level of clearance should dictate their level of physical access to workstations, servers and network devices. Additionally, data handling and chain of custody for backups are critical aspects of the security policy.
Password complexity, length, and expiration are only a small portion of an effective security posture. A sound Active Directory schema must be designed to establish a hierarchy of rights and permissions by group and user. Inherited, special and granular rights and permissions for access and authentication to all areas must be addressed by group policy. Departments should be separated by organizational units, and administrative rights and permissions must be strictly regulated.
The implementation of virtual local area networks (VLANs) to segregate departments within the organization is an effective way to create another layer of security. But VLANs are mainly an effective way to increase network speed by reducing the number of hosts in a collision domain. Although VLANs are great, there are techniques that can be used to transfer between VLANs. To secure traffic at the network layer, access lists and firewalls are...