Building a Secure Network
The architecture and build design of a secure network is a very intricate and detailed process. It requires a seasoned hand for the development and implementation of the network diagram. A network diagram is a graphical representation containing your backbone equipment, IP addresses, ISP, host machines, and peripherals. Most network diagrams for SOHO networks are similar, but they may differ depending upon the needs of the company. This discussion describes and explains the design considerations that should go into building a secure network.
The first step in building a secure network is creating the network topology. The topology is the physical and logical layout of the network. It is the DNA and basis of network design. A basic network will contain an Internet Service Provider (ISP) router, a boundary router (also called the border router), a firewall, switches, servers, and local hosts. The ISP is connected to the border router. The border router is the outside/inside router: the outside is the public interface and the inside is the private interface. The boundary router is the first line of defense for traffic coming into and going out of the network. The router must be configured properly to mitigate the vulnerabilities coming into the network. The passwords for the router should be strong. Passwords should not be common words; they should be alphanumeric with symbols and more than 8 characters. One must consider which IP addresses are allowed to send to and receive from the outside. IP tables are constructed within the router. These tables contain access lists, which filter all traffic inbound to and outbound from the network. Static routing on the router is a good practice because it alleviates DDoS attacks. Router interfaces that are not in use should be disabled, because this closes the door on attacks.
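The access-list filtering described above, as an added example that is not part of the original essay: a first-match rule list like the one a border router evaluates for each packet. The addresses, the rule set, and the names `Rule`, `matches`, `evaluate`, and `BORDER_ACL` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    iface: str                   # interface the packet arrives on: "outside" or "inside"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None matches any destination port

def matches(rule, iface, src, dst, dport):
    """True when the packet's arrival interface, addresses and port fit the rule."""
    return (rule.iface == iface
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def evaluate(acl, iface, src, dst, dport):
    """Return the action of the first matching rule; unmatched traffic is denied."""
    for rule in acl:
        if matches(rule, iface, src, dst, dport):
            return rule.action
    return "deny"  # implicit deny closes the list

# Constructed addresses: a private LAN and a public web server (documentation range).
LAN, WEB, ANY = "192.168.10.0/24", "203.0.113.10/32", "0.0.0.0/0"

BORDER_ACL = [
    # A packet arriving on the public interface cannot legitimately carry an
    # inside source address, so drop it before any permit rule is reached.
    Rule("deny", "outside", LAN, ANY),
    Rule("permit", "outside", ANY, WEB, 443),  # HTTPS to the web server only
    Rule("permit", "inside", LAN, ANY),        # LAN hosts may send outbound
    # Reply traffic toward LAN hosts needs its own rule or a stateful firewall;
    # it is left out to keep the list short.
]

if __name__ == "__main__":
    samples = [  # constructed packets: (interface, source, destination, port)
        ("outside", "198.51.100.7", "203.0.113.10", 443),
        ("outside", "192.168.10.5", "203.0.113.10", 443),
        ("inside", "192.168.10.5", "198.51.100.7", 80),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(BORDER_ACL, *pkt))
```

Rule order matters: if the permit for port 443 were placed ahead of the anti-spoofing deny, the packet claiming an inside source address would be accepted.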
An external firewall is placed between the boundary router and the LAN switch, and an internal firewall after the LAN switch. This provides another layer of protection. A firewall monitors and prevents various types of attacks. There are four basic types of firewalls: the packet filter firewall, the stateful inspection firewall, the application proxy firewall, and the circuit-level proxy firewall. Each of these firewalls is designed differently. The packet filter firewall is the simple firewall. It monitors each data packet coming in or out. It has a rule base to regulate which data packets are permitted or prohibited. This firewall monitors each data packet based on the source and destination IP addresses and port numbers found within the header of the packet. It is easy to configure but is susceptible to IP spoofing attacks. Stateful filter firewalls inspect the information within the data packets. The filter checks for the stability of the connections and the legitimacy of the packets coming from those connections. It provides a more...