Network Security Principles & Practices

Network Security Principles & Practices. By Saadat Malik Cisco Press 2003. – Chapter 2 – Defining Security Zones. What are security zones? DMZ Cisco PIX firewalls. Network Architecture. The topological design of a network is one of the best defenses against network attacks.


Network Security Principles & Practices

By Saadat Malik

Cisco Press


– Chapter 2 – Defining Security Zones
  • What are security zones?
  • DMZ
  • Cisco PIX firewalls

Network Security

Network Architecture
  • The topological design of a network is one of the best defenses against network attacks.
  • Using zones to segregate various areas of the network from each other.
  • Different zones of the same network have different security needs.
  • Better scalability

Zoning strategies
  • Greater security needs, more secure zones
  • Controlled access to zones
  • Publicly accessed servers are placed in separate zones from private servers.
  • To achieve highest security, each server is placed in a separate zone. Why?
  • The ‘defense in depth principle’

- Firewalls are used to separate the zones.


  • Different ways of creating demilitarized zones:
    • Using a 3-legged firewall
    • Placing the DMZ outside the firewall
      • ‘Bastion hosts’ are placed in the DMZ.
      • In the path between a firewall and the Internet
      • Dirty DMZ
      • Rationale?
    • Placing the DMZ between stacked firewalls

Cisco PIX Firewall
  • Multiple interfaces, each with its own security level (lowest 0 .. 100 highest)
  • May support multiple security zones, thus allowing multiple DMZs to be set up
  • In general, a computer/device in a lower security zone cannot access a computer/device in a higher security zone unless a ‘hole’ is created.
  • Each security zone should have a unique number.

Cisco PIX Firewall
  • Example configuration:
    • nameif ethernet0 outside security0
    • nameif ethernet1 inside security100
    • nameif ethernet2 dmz security50
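
The security-level rules from the two PIX slides, applied to the example `nameif` lines. This is an added example, not code from the book or the slides; the function names and the second, misconfigured sample are constructed for illustration.

```python
import re
from itertools import permutations

# nameif <hardware-interface> <zone-name> security<level>, as on the slide
NAMEIF = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d+)$")

def parse_nameif(config: str) -> dict:
    """Return {zone_name: (interface, level)} from PIX-style nameif lines."""
    zones = {}
    for line in config.splitlines():
        m = NAMEIF.match(line.strip())
        if not m:
            continue  # ignore anything that is not a nameif line
        iface, name, level = m.group(1), m.group(2), int(m.group(3))
        zones[name] = (iface, level)
    return zones

def audit(zones: dict) -> list:
    """Flag levels outside 0..100 and levels shared by more than one zone."""
    findings, by_level = [], {}
    for name, (_, level) in zones.items():
        if not 0 <= level <= 100:
            findings.append(f"{name}: level {level} outside 0..100")
        by_level.setdefault(level, []).append(name)
    for level, names in sorted(by_level.items()):
        if len(names) > 1:
            findings.append(f"level {level} shared by {', '.join(sorted(names))}")
    return findings

def needs_hole(zones: dict, src: str, dst: str) -> bool:
    """True when src is at a lower level than dst, so access needs a 'hole'."""
    return zones[src][1] < zones[dst][1]

def holes_required(zones: dict) -> list:
    """All (src, dst) pairs where the initiating zone is the lower-level side."""
    return sorted((s, d) for s, d in permutations(zones, 2) if needs_hole(zones, s, d))

# The slide's example configuration
SLIDE_CONFIG = """
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
"""

# Constructed misconfiguration: a second DMZ that reuses level 50
BAD_CONFIG = SLIDE_CONFIG + "nameif ethernet3 dmz2 security50\n"

if __name__ == "__main__":
    zones = parse_nameif(SLIDE_CONFIG)
    print(audit(zones), holes_required(zones), audit(parse_nameif(BAD_CONFIG)))
```
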
