Designing Secure Networks
3 Strategies For Secure Networks
- Network Segmentation
- Choke Points
- Creating Redundancies
Benefits of secure networks:
By designing your networks properly, you can:
- prevent some attacks entirely
- mitigate other attacks
- when you fail, fail in a graceful way
Network Segmentation
One strategy for reducing the impact of attacks is network segmentation.
Network segmentation is when you divide a network into multiple smaller networks called subnets.
- can control the flow of traffic between subnets
- allow or disallow traffic based on variety of factors
- block traffic entirely
- Also called network isolation
The goal is to provide granular access control for each segment/subnet.
Benefits:
- boost network performance by containing certain traffic to the portions of the network that need to see it
- help localize network issues
- can prevent unauthorized network traffic or attacks to sensitive portions of the network
Implementing Network Segmentation
Choke Points
You can also secure your networks by funneling traffic through choke points, or locations where you can inspect, filter, and control the traffic.
- E.g.,
- could be routers that move traffic from one subnet to another
- firewalls that filter traffic through your networks or portions of your networks
- application proxies that filter the traffic for applications such as web or email
Creating Redundancies
Creating redundancies when designing your networks can also help mitigate issues.
Certain technical failures or attacks may render portions of your technology—including networks, network infrastructure devices, or border devices such as firewalls—unusable.
When this happens, you can switch to a different internet connection or route traffic through a different device until you can come to a longer-term solution.