Without network components, there is no network, and without consideration for these components, there is no security! The first step toward a secure network topology is to examine the devices and systems used to implement it. The following considerations and types of equipment are common to an organization:

· Access devices

· Security devices

· Servers and systems

· Organization and layout

Access Devices

The access device is the piece of network equipment that provides Internet access and intercommunication between networks and is the first element required for an Internet-accessible organization. Organizations may not need an access device, but if they want to communicate with other networks or to provide access from the outside to employees or Internet users, an access device is needed. Access devices come in many forms; the most common are modems and routers.

There are generally two (or more) interfaces on an access device. The interfaces to which the network of the organization connects are considered the internal interface of the router (or other equipment). The interfaces that connect to the Internet service provider (ISP) are the external interfaces. The internal network comprises those systems and equipment on the internal side of the router. The network or networks accessible from the Internet form the external network.

The use of the access device has a direct effect on the security of a network topology because it helps define the Internet access model used in the organization and is the first point where defense is needed. There are many access models that designers can use, including highly restrictive exception-based access, open, and a combination in between. Exception-based access models apply a default restriction that disallows all access, followed by exceptions for needed services and connectivity. This is a commonly used method of protection where the firewall is configured to block traffic to all but a few specified protocols and services on specific systems. An example of exception-based access is to disallow all traffic to the Web server except for TCP traffic to port 80 (the IP protocol and service port (HTTP) that the Web server uses). Exception-based access models are useful in simple network environments where there is little network diversity or need for complex filtering rules.

An open model allows access to everyone unless otherwise explicitly prohibited. This model focuses on only the services provided by a network and its systems. It uses firewall rules to allow or disallow access from specific networks and systems to explicit services such as a Web server or email and provides granular access control. This model takes no action on the remainder of the ports and protocols that are not in use, however, which can present a security risk in some network environments.

The following examples demonstrate the usefulness and dangers of an open access model.

In a simple network environment, where the Web server is connected directly to the Internet, an open model might create unnecessary security risks. In this case, the firewall allows access to the Web server from specific friendly networks and systems, but does not affect any other traffic to or from the Web server, including hostile traffic from the Internet. This presents a danger if an attacker compromises the Web server. The attacker can then set up a new and unauthorized service on that system, which runs unaffected by the firewall. An exception-based model would protect against this.

Open models are useful to provide granular access control and protect against unauthorized traffic to specific services, as is often used with domain name servers and email servers. Domain name servers and email servers often have secondary relays that provide service to Internet systems and protect the primary system from exposure to the Internet. The primary systems can be configured with an open access model that allows network traffic to the domain name and email services only from the relay servers. This example also assumes that the net work topology protects the primary servers from external attack.

There are several schools of thought when determining which model of access should be used. The exception-based model is more restrictive and places the brunt of the security responsibilities on the firewall's strengths. The open model relies more on the systems in use to assure that they are configured securely and provide minimal possibility for compromise and modification.

Security Devices

Firewalls, Virtual Private Network (VPN) servers, and intrusion detection systems (IDS) are commonly used examples of security devices. Firewalls are used to protect the internal network from external threats by allowing or disallowing certain types of network traffic and data. Firewalls are not meant only for the edge of the network, but anywhere that traffic restrictions are required or recommended. VPN devices are used to provide secure remote access from the Internet to users by creating an encrypted tunnel through which the remote computer accesses the internal network of an organization. Intrusion detection systems provide active monitoring and notification of known attacks on systems and networks by watching network data. These devices provide the first and most obvious level of security and are vital to any network topology.

Servers and Systems

Servers and systems are all of the computers used within the organization. These systems include Web, mail, login, file and print servers, desktop computers, and network management systems. The requirements for these systems influence the network architecture and include the network services offered, and they also dictate to whom access is provided. Each service provided affects the security of the network and the system on which it runs. Consideration given to these effects results in a network architecture that minimizes the risks and effects of a security breach.

Attackers will often scan for servers that provide services to both the Internet and internal networks; the compromise of these systems allows the attacker a doorway into the organization. Servers that run multiple services also present security risks because each service provides a potential doorway into that particular system. It is particularly important to examine the history of an application or service for security vulnerabilities. Email, Web, DNS, and FTP servers have a long history of vulnerabilities, and their simultaneous use on a single system provides several access points for an attacker.

Organization and Layout

The organization and layout of the network takes into consideration the implementation of these components. This includes the physical placement and organization of the network equipment and wiring, as well as the method by which Internet access is provided. Identifying network service requirements and the relationship of users to these services is important to the security of a network architecture.

Many operating systems and arrive configured by default to provide every service it supports, despite the fact that an organization rarely needs or uses all of them. If an organization needs file sharing, printing, Web, and email capabilities, the servers that provide these services should have all their other services disabled. If these services are provided to different groups within the organization or if a clear need for these services to share information is not established, they should be run on different systems and networks that reflect the users'access needs.