Security professionals need to analyze security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network and to provide the appropriate authentication and authorization controls.
Designing a modern enterprise network presents many practical and security challenges. De-perimeterization means that information systems may be accessed from devices outside of the enterprise network. These devices can range from a handheld smartphone used to access a customer record to an Internet of Things (IoT) device transmitting telemetry data to a critical monitoring dashboard.
Regulatory or industry compliance may require strict network segmentation between processes and business units (BUs).
It is important to consider all the threat actors when you plan your network—think Defense in Depth (DiD).
This first chapter is an essential building block for the following chapters. It is the information systems on our networks that provide the data and services for an enterprise.
In this chapter, we will cover the following topics:
- Physical and virtual network and security devices
- Application- and protocol-aware technologies
- Advanced network design
- Network management and monitoring tools
- Advanced configuration of network devices
- Security zones