This chapter provided an overview of basic security concepts and controls that can be used by administrators to secure physical devices and media. One of the most important topics, controlling who can access the network and how, was further expanded.
Firewalls are the focal points of overall network access policy. Several types of firewalls provide network security on various levels of the OSI model. However, they are all designed for one purpose: to keep the intruders out. Depending on their architectures, firewalls can recognize less complex attack patterns and alert administrators or take action to restrict all communications from the source of an attack. Firewalls can be used to implement three basic security topologies, ranging from a standalone security device; to a standalone security device limited to talking to one or more application gateways; to multiple security devices transforming a portion of the intranet into a secure, publicly accessible zone called a DMZ. Email, DNS, and Web servers are typically placed in the DMZ zone where strict access rules apply to all incoming connections.
In addition to securing the network with physical devices, administrators must ensure that communication and storage media as well as critical network devices are secure. This means cabling concentrators and infrastructure equipment must be locked in server rooms or wiring closets, and physical server access must be monitored, restricted, and tightly controlled.
Removable media security concerns most organizations because of backup technologies and the vast acceptance of magnetic tape devices as de-facto standard backup media. Backup is one of the major components of a disaster recovery plan. Backup media must be properly labeled, guarded, and archived offsite. An archiving plan should also include the decommissioning of archived backups.
Demilitarized zone (DMZ)
Intrusion detection system (IDS)
Network address translation (NAT)
Public branch exchange (PBX)
Public switched telephone network (PSTN)
Remote monitoring (RMON)
Shielded twisted pair (STP)
Simple Network Management Protocol (SNMP)
Unshielded twisted pair (UTP)
Virtual local area network (VLAN)