Hardening Network Infrastructure. Bulletproof Your Systems Before You Are Hacked.
Overview
A network is a Twinkie. I have heard numerous people make that reference, and it is a pretty accurate, albeit entertaining, reference. Much like a Twinkie, the good stuff in a network is on the inside, and you want to protect that stuff with a tough outer shell: the network perimeter.
This chapter builds upon the device-hardening methods we have talked about in the previous ten chapters and looks at how we can use that information and those devices to provide a secure, hardened perimeter to protect our interior network.
The best methodology for hardening the perimeter that I have found is the Cisco SAFE blueprint (http://www.cisco.com/safe), and this chapter follows and builds on that methodology. We will look at a number of aspects of the network perimeter, including the following:
- DMZ implementation methods: The different techniques of implementing secure access to resources in the network perimeter
- Internet access module: The collection of devices that provides Internet connectivity
- VPN/remote access module: The collection of devices that provides virtual private network (VPN) and remote access connectivity
- WAN access module: The collection of devices that provides wide area network (WAN) connectivity
- Extranet access module: The collection of devices that provides extranet connectivity to external partners
- Wireless access module: The collection of devices that provides wireless network connectivity
- E-commerce access module: The collection of devices that provides e-commerce services