Open Framework, Information Management Strategy & Collaborative Governance | Data & Social Methodology - MIKE2.0 Methodology
Network Infrastructure Security Design Deliverable Template

From MIKE2.0 Methodology

This article is currently Under Construction. It is undergoing major changes as it is in the early stages of development. Users should help contribute to this article to get it to the point where it is ready for a Peer Review.
This deliverable template is used to describe a sample of the MIKE2.0 Methodology (typically at a task level). More templates are now being added to MIKE2.0 as this has been a frequently requested aspect of the methodology. Contributors are strongly encouraged to assist in this effort.
Deliverable templates are illustrative as opposed to fully representative. Please help add examples to this template that are representative of the proposed output.

Network Infrastructure Security is used to ensure the network is secure and protected from attack. This includes making sure the proper hardware and software firewalls are in place and that data is encrypted across this network.

Examples

Example 1 - for a Sample Network Security Design

VPN VIA MANAGED POINT TO POINT LINK

The encryption may be performed on the terminating equipment (e.g. an IPSec tunnel between two Cisco routers) if bandwidth, service level and monitoring requirements are met.

VPN via Managed Point to Point Link


ADVANTAGES

  • More secure, as all traffic is encrypted.
  • Simple solution that is simpler to manage.
  • More cost-effective solution, as less hardware is required.
  • IPSec tunnels terminate at the most external point available.

DISADVANTAGES

  • May be less suitable for high-bandwidth encryption; dedicated devices might perform better.
  • May make access list management more difficult.
  • Less efficient compression (if using a payload compression protocol with IPSec) due to data being encrypted and encapsulated.

SPECIFIC RISKS

  • None

CONTROLS REQUIRED

  • Ensure each connection terminates onto a separate Extranet VLAN.
  • Apply access lists on firewalls, WAN and choke routers so that traffic flows only between the required source and destination networks. No traffic should terminate on any Extranet infrastructure.
  • Implement strict access lists to allow only IPSec traffic through the external interfaces.
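
One way to check the last control automatically, added here as an example and not part of the MIKE2.0 template: the script audits a Cisco IOS-style extended ACL from an external interface and reports every permit that is not IPSec (ESP, AH, IKE on UDP 500/4500) between the two tunnel endpoints. The ACL name, the peer addresses (RFC 5737 documentation ranges) and the function name `audit_external_acl` are assumptions.

```python
# Constructed sample ACL for the external interface of one tunnel endpoint.
# Addresses are documentation-range placeholders, not values from the template.
SAMPLE_ACL = """\
ip access-list extended OUTSIDE-IN
 permit esp host 192.0.2.1 host 198.51.100.1
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
 permit udp host 192.0.2.1 host 198.51.100.1 eq non500-isakmp
 permit tcp any host 198.51.100.1 eq 22
 permit ip any any
 deny ip any any log
"""

IPSEC_PROTOCOLS = {"esp", "ahp", "50", "51"}                # ESP and AH
IKE_PORTS = {"isakmp", "500", "non500-isakmp", "4500"}      # IKE and NAT-T

def audit_external_acl(acl_text, remote_peer, local_peer):
    """Return (entry, reason) pairs for permits that break the IPSec-only control.

    Only the 'host A host B' address form is understood; any other form is
    reported so that it gets a manual review rather than a silent pass.
    """
    findings = []
    pinned = ["host", remote_peer, "host", local_peer]
    for raw in acl_text.splitlines():
        tok = raw.split()
        if not tok or tok[0] != "permit":
            continue                      # header, deny and remark lines
        entry = " ".join(tok)
        proto, rest = tok[1], tok[6:]
        if tok[2:6] != pinned:
            findings.append((entry, "permit is not pinned to the tunnel peers"))
        elif proto in IPSEC_PROTOCOLS and not rest:
            continue                      # ESP/AH between the peers
        elif proto == "udp" and len(rest) == 2 and rest[0] == "eq" and rest[1] in IKE_PORTS:
            continue                      # IKE / NAT-T between the peers
        else:
            findings.append((entry, "non-IPSec traffic permitted between the peers"))
    return findings

if __name__ == "__main__":
    for entry, reason in audit_external_acl(SAMPLE_ACL, "192.0.2.1", "198.51.100.1"):
        print(f"FINDING: {entry!r}: {reason}")
```
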