Sunday, December 9, 2012

Network Security & the year ahead - Part 1

I have been tremendously busy sculpting away design for datacenter spanning across the globe. I have been working across timezone to the point that I sleep and wake up at different time everyday. My body is taking the toll but the sheer pleasure of visualizing and implementing the DC keeps me going.

I truly believe network security will be the primer for me the year ahead along with the datacenter  designs. Security has become important as it was never before. With the innovation in technology and devices the amount of restriction you can pose has gone down, which means you need to watch every packet and beef up the security but at the same time not compromise on the throughput of your network.

Cisco and other vendors are constantly coming up with new devices and technologies to keep the networks safe. But every customers network is different and every customers ability to invest is different. This is where we need to understand how and what to deploy with a certain product or should i say products.

Think of security and the first obvious thing to pop in the head is the firewall. The first line of defence is always the firewall. It is always best to visualise a multi vendor firewall design so that if one gets compromised the other will protect and vice versa. In other words one firewall to keep all the nonsense of the internet out and the other to inspect the assumed legitimate traffic is legitimate.

Going in with a multi-vendor approach increases the investments to be made, but again there is a option of using vendors or ISP themselves who provide managed perimeter security.
Firewalls are not the only security measure,With security requirements at its peak, I beleive security needs to be  classified into different categories namely;

  • Datacenter Security - This is a broad classification but mainly deals with a core DC being setup
  • Branch Office network Security - This might be small to large branch office where only users work out of
  • Enterprise network Security - This will comprise of large enterprise with a large variant of users and equipments being used
  • Remote Access Security - This comprises of security when remote users connect to the office
  • Inter Connectivity Security - This might be a layer 2 or layer 3 link that connects two offices or DC
  • Access Security - This deals with the ability of users and equipments to access the network
  • Communication Security- This deals with messaging

It may not be fancy terms but this is the way I  dice up security whenever I design networks. It is imperative that each of this has varying needs, except for that they need to be as secure as possible.

Network Security is a Horizontal that spans across different types of networks.

It is very interesting to see the videos of hackers looking for information on the honeypot systems. It is very important to understand the weakness of the protocols, which will help us enable secure them.Using case studies of networks which were compromised, we can try and understand what the weakness was, how they exploited it, what defence was in place & what was the solution/workaround.

I have noticed that once there is a weakness or flaw in the security that is exploited this information seems to spread rapidly across the blackhats. But unfortunately the same is not true with people who secure the network. Anybody can become the victim of the same exploit.


  1. Hi, I was just looking for some information on technologies and devices that can help in keeping networks safe, and found this post. Can you help me in this respect?


Top 7 popular posts on cciedash !