I have mentioned before that every network has its own quirks and design needs. Because of that, one can only offer generic advice on a network’s security posture. Let’s take a look at a typical network and comment on it.
Computer network design can vary wildly from one corporation to the next. That said, most networks follow the same design principles. By design principles I mean there is generally a demilitarized zone, or DMZ, where servers such as the mail, DNS, and web servers are found. This DMZ is kept relatively unprotected and, in turn, is firewalled off from the rest of the internal network or intranet. The DMZ is there for good reason: services that companies have to offer, like their web and email servers, are accessible via the Internet. If they are accessible, then they are vulnerable to attack. We all know that there is a tremendous amount of “white noise” (port scans, bot activity, and so on) seen on the Internet at any given time. Given this constant threat, it only makes sense to have your publicly accessible servers firewalled off from the rest of the network.
Network design and defense
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add-on
- Firefox No Longer an Automatic Defense Against Browser Drive-Bys
- Google patches Chrome file-stealing bug
- Apple plays catch-up, adds anti-fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag