Secure Network Design

In the previous chapter you learned about the basic concept of infrastructure security and built a strong foundation for the different areas required to understand the need for information security based on current security threats that exist in cyber space.

The internet has grown dramatically and has reached a stage where everyone must be connected in order to exchange information. Imagine that billions of people with internet enabled devices are directly connected to the internet, and some sort of unsecured network becomes a target for cyber criminals.

In this chapter, we describe how to secure a network and look at the significance of network security. In a layered fashion, we will also discuss methods and approaches to building a secure network based on business aims.

The following topics will be covered in this chapter:

• Access control
• Network management and security design
• Hardening your TCP/IP stack
• DoS and DDoS attacks
• IP spoofing
• Ping sweeps and port scans
• DNS vulnerabilities
• Two-factor authentication