Introduction to Security
You see this a lot—typically, in medium to large enterprise networks, the various strategies for
security are based on some recipe of internal and perimeter routers plus firewall devices. Internal
routers provide additional security to the network by screening traffic to various parts of the protected
corporate network, and they do this using access lists.
To protect network device configuration files from outside security threats, use a firewall to
restrict access to the network devices from the outside, and use SSH instead of Telnet to access
device configurations.
The terms trusted network and untrusted network are used here, and you can see where they are
found in a typical secured network, as well as the demilitarized zone (DMZ). The DMZ can use
global (real) Internet addresses or private addresses, depending on how you configure your
firewall, but this is typically where you'll find the HTTP, DNS, email, and other Internet-type
corporate servers.
Instead of having routers, we can use virtual local area networks (VLANs) with switches on the
inside trusted network. Multilayer switches containing their own security features can sometimes
replace internal (LAN) routers to provide higher performance in VLAN architectures.
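The following Cisco IOS configuration is an added example, not text from the original chapter. It shows the two controls described above on one internal router: an extended access list that screens traffic from a user VLAN toward a server VLAN, and a vty configuration that accepts only SSH (not Telnet) and only from a management subnet. The hostname, domain name, addresses, VLAN subnets, interface name, and access-list names are assumed values chosen for illustration.

```cisco
! --- Added example (assumed addresses and names) ---
hostname R1
ip domain-name example.com
! RSA key pair is required before SSH can be enabled
crypto key generate rsa modulus 2048
ip ssh version 2
! Local account used for SSH logins; replace the secret before use
username admin privilege 15 secret CHANGE-ME-PLACEHOLDER

! Standard ACL: only the management subnet may reach the vty lines
ip access-list standard MGMT-ONLY
 permit 10.10.10.0 0.0.0.255
 deny   any log

! Extended ACL: user VLAN (10.1.20.0/24) may reach the server VLAN
! (10.1.10.0/24) for HTTP, HTTPS, and DNS only; everything else
! toward the server VLAN is denied and logged
ip access-list extended USERS-TO-SERVERS
 permit tcp 10.1.20.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 80
 permit tcp 10.1.20.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 443
 permit udp 10.1.20.0 0.0.0.255 host 10.1.10.53 eq 53
 deny   ip  10.1.20.0 0.0.0.255 10.1.10.0 0.0.0.255 log
 permit ip  any any

! Apply the screening ACL inbound on the user-VLAN-facing interface
interface GigabitEthernet0/1
 description User VLAN 20
 ip address 10.1.20.1 255.255.255.0
 ip access-group USERS-TO-SERVERS in

! Management access: SSH only, restricted by source, with idle timeout
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
 login local
 exec-timeout 10 0
```

After applying this, `show access-lists` displays hit counts on each entry, which is a quick way to confirm that denied traffic is actually being matched and that the `permit ip any any` line at the end is not masking a mistake earlier in the list. The same ACL and vty settings apply on a multilayer switch that has taken over the internal routing role.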