BUILT SECURE NETWORKS

BUILT SECURE NETWORKS

Of the various components that go into making a network secure, one to the first things to establish is what exactly needs to be protected. A number of different network element types exist on a network, and all of these must be considered throughout the design process. Table 1-1 shows a number of these different elements that must be considered when building a secure network.

Table1-1  

Network Security Elements

Target	Potential attacks
Routers	The types of attack used against a router depend on the attacker’s intent. An access attack is used if the intent is to gain access to the router or network. A denial of service (DoS) or distributed DoS(DDos) attack brings down the router or to introduce routing changes to redirect traffic and deny access to the network.
Firewalls	Attack against firewalls are virtually are the same as routers; however, the techniques might differ depending on the size and types of firewall being attacked
Switches	Any attack on specific network switch will affect how traffic flows across that segment. Because network traffic concentrates at the switches, it is important to ensure that all switches are secure. This issue has become even more important with the deployment of layer 3 switches in place of routers.
servers	Servers can be a large target for attackers because they are used for data storage as well as computer and network access. If an attacker was able to exploit a serve, many of the devices in the network will be instantly vulnerable as data from the server can be used to access them.

The next thing to determine is that exactly needs to be down for the network and elements on the network to stay secure. Three of the main aspects of network data that need to be secured include confidentiality, integrity, and availability, as outlined in table 1-2.

Table 1-2

Security Aspects

Confidentiality	The ability to maintain the confidentiality of the data on company’s network could make or break a company. If any amount of data is able to be harvested and distributed without authorization, number of things could happen. This includes everything from identify theft and sabotage to espionage.
Integrity	The integrity of data is one thing that many take for granted. Has any data that has been received been altered in transit? If the answer to this question is ever unknown, nothing that we rely on though this data can be trusted, for example, what would happen if someone was able to hack into the database of a credit reporting agency and alter late payments or delinquencies on your account? The information that is received by creditors would be incorrect, and thus decisions made based on this information would be incorrect.
Availability	The availability of the device and data on networks is one of most obvious and most noticed problems. Is the network available? Are the servers up and running as they should be? Many attacks that are launched on companies are not looking to exploit the data on their networks but to just interfere with their business operations. These types of attacks also require less technical skill and are thus easier to carry out.