Network security implementation relies on a thorough understanding of your organization, its goals, its risks, and the technologies employed within your IT infrastructure. Before you can properly deploy network security, you must first design it. Most network security designs include layers of defense, as well as sufficient capacity for growth.
Network security includes an evaluation of the protocols and methods your organization uses. If the current design is insufficient, replace it with a design that addresses productivity and security. You need to assess the addressing schemes in use—whether public or private, static or dynamic—in light of how each improves or detracts from security.
Other important components of network security design and deployment include controlling communication pathways; hardening systems; and selecting proper equipment, authentication, authorization, accounting, communication encryption, types of hosts, redundancy, and node security specifics.
This chapter also introduced the concept of risk assessment and management to aid in determining the proper number of firewalls and other security measures. While the terms are important, it is essential to understand how to convert risk into a quantifiable number and address it in a way that properly protects and defends the network.
Annualized loss expectancy (ALE)
Annualized rate of occurrence (ARO)
Authentication, authorization, and accounting (AAA)
Dictionary password cracking
Identity and access management (IAM)
Internet Assigned Numbers Authority (IANA)
Network News Transfer Protocol (NNTP)
Redundant array of inexpensive disks (RAID)
Regional Internet Registry (RIR)
Router anti-spoofing
Simple Mail Transfer Protocol (SMTP)
Tangible
Uninterruptable power supply (UPS)
3.133.156.251