Lesson 2: Creating The Security Design Framework

By Author: kayla
Total Articles: 128
Comment this article

A security design framework is a structure on which all future security designs can be built. As a security designer, you should create a base security design framework on which your security designs can be built or you (or your design team) might end up with incomplete assessments in a IT Exams(http://www.buyitexam.com), lack of follow-through, and an incomplete picture of the changing security landscape.

After this lesson, you will be able to ,

Describe the components of a security design framework.

Describe the process for creating a security design framework.

Identify the principles of information security design.

Explain the purpose of threat modeling.

Perform threat modeling.

Design a process for responding to incidents.

Design the use of segmented networks.

Design a process for recovering services.
A perimeter network, also known as a DMZ because of its resemblance to a demilitarized zone agreed upon between hostile nations, defines a network that is neither part of the organization's internal network ...
... nor part of the external network, but is under the control of the organization.

Wingtiptoys.com uses the classic perimeter network, "which is flanked by two firewalls, as shown in Figure 1-6. Another possible design is the three-pronged network. A firewall with three network interfaces is part of the Tailspintoys.com network (shown in Figure 1-7) and is used to provide a connection to the external network, the internal network, and the 70-297 Exam(http://www.mcse-70-297.com). In either case, systems that need to communicate with the external network are placed on the perimeter network. This configuration provides another layer of protection for the internal network, as an attacker must first penetrate the perimeter network. In the pure, classic design, no access to the internal network is allowed from the perimeter network or external network. The inner firewall allows only access from the internal network to the perimeter network, and the outer firewall allows limited access in both directions.

Guidelines for Using Internal Segments To Improve Network Security Design

Traditionally, few internal networks are segmented for security reasons. The internal network has often, in the past, been described as the "trusted" network, and thus communications were not restricted within its boundaries. Today there is a growing realization that even internal networks are "hostile" networks, and one way to offer protection and free Microsoft question papers(www.examshots.com/vendor/Microsoft-1.html) to sensitive data and operations is to use traditional security gateways to internally segment the network. In this way, access to sensitive data and operations can be restricted to those trusted with it, and exposure of information is curtailed. Figure 1-8 shows a proposed internal network segmentation for Tailspintoys.com.

In either case, systems that need to communicate with the external network are placed on the perimeter network. This configuration provides another layer of protection for the internal network, as an attacker must first penetrate the perimeter network. In the pure, classic design, no access to the internal network is allowed from the perimeter network or external network. The inner firewall allows only access from the internal network to the perimeter network, and the outer firewall allows limited access in both directions.