
Network Security Principles & Practices

Network Security Principles & Practices. By Saadat Malik Cisco Press 2003. – Chapter 2 – Defining Security Zones. What are security zones? DMZ Cisco PIX firewalls. Network Architecture. The topological design of a network is one of the best defenses against network attacks.



Presentation Transcript


  1. Network Security Principles & Practices
     By Saadat Malik, Cisco Press, 2003

  2. – Chapter 2 – Defining Security Zones
     • What are security zones?
     • DMZ
     • Cisco PIX firewalls
     Network Security

  3. Network Architecture
     • The topological design of a network is one of the best defenses against network attacks.
     • Zones are used to segregate the various areas of the network from each other.
     • Different zones of the same network have different security needs.
     • Zoning also gives better scalability.

  4. Zoning strategies
     • Greater security needs, more secure zones
     • Controlled access to zones
     • Publicly accessed servers are placed in separate zones from private servers.
     • To achieve the highest security, each server is placed in a separate zone. Why?
     • The ‘defense in depth’ principle: firewalls are used to separate the zones.

  5. DMZ
     • Different ways of creating demilitarized zones:
       • Using a 3-legged firewall
       • Placing the DMZ outside the firewall, in the path between the firewall and the Internet (‘dirty DMZ’; rationale?)
       • Placing the DMZ between stacked firewalls
     • ‘Bastion hosts’ are placed in the DMZ.

  6. Cisco PIX Firewall
     • Multiple interfaces, each with its own security level (lowest 0 .. 100 highest)
     • May support multiple security zones, thus allowing multiple DMZs to be set up
     • In general, a computer/device in a lower security zone cannot access a computer/device in a higher security zone, unless a ‘hole’ is created.
     • Each security zone should have a unique number.

  7. Cisco PIX Firewall
     • Example configuration:
         nameif ethernet0 outside security0
         nameif ethernet1 inside security100
         nameif ethernet2 dmz security50
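To make the security-level rule from slides 6 and 7 concrete, here is an added Python model (not from the book or from Cisco) that parses the three `nameif` lines above, enforces the unique-level requirement, and reports which required flows the default PIX policy blocks and would therefore need an explicit ‘hole’. The PIX configuration text and the list of required flows are constructed for this example.

```python
import re

# Constructed sample: the three nameif lines from slide 7 (PIX 6.x syntax).
PIX_CONFIG = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
"""

NAMEIF_RE = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d{1,3})$")


def parse_nameif(config):
    """Return {zone_name: security_level} from the 'nameif' lines.

    Raises ValueError for a level outside 0..100 or for a level that is
    already used by another interface (slide 6: each zone needs a unique number).
    """
    zones = {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line.startswith("nameif"):
            continue
        match = NAMEIF_RE.match(line)
        if not match:
            raise ValueError(f"unparsable nameif line: {line!r}")
        name, level = match.group(2), int(match.group(3))
        if not 0 <= level <= 100:
            raise ValueError(f"security level out of range on {name}: {level}")
        if level in zones.values():
            raise ValueError(f"duplicate security level {level} on {name}")
        zones[name] = level
    return zones


def default_flow_allowed(zones, src, dst):
    """Default PIX policy: a connection may only be initiated from a higher
    security level towards a lower one. Equal levels are treated as denied."""
    return zones[src] > zones[dst]


def holes_needed(zones, required_flows):
    """Return the (src, dst) flows that the default policy blocks.

    These are the 'holes' an administrator must open explicitly; the list is
    also the exposure a reviewer should scrutinise, e.g. anything reaching 'inside'.
    """
    return [(s, d) for s, d in required_flows if not default_flow_allowed(zones, s, d)]
```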
