Evaluating the Physical Security Model

Previous chapters have mentioned several times that analyzing your network is much easier with a network map showing where things are and how they are attached to the outside world. Once you have the network map, the things to look at include the placement and use of firewalls and the ways that domains are connected.

One of the considerations of a Windows 2000 network is the placement and use of domains. The days of the Windows NT Resource Domain are over, and these domains should be merged into your Active Directory tree. Since the handling of domains is covered so well in MCSE: Directory Services Design Study Guide (Sybex, 2000), by Bob King and Gary Govanus, I will not cover that topic as part of the physical structure.

Even if you are new to the field of network architecture and security, you have probably heard terms like firewall and demilitarized zone bandied about. If you have never worked with a firewall, now may be the time to explore them.

Start by closely examining Figure 4.2.

FIGURE 4.2 Basic (bastion host) firewall [figure not reproduced; labeled elements: workstations]

This is a firewall setup at its most basic. You have a corporate network, large or small, connected to the Internet. In this case, a firewall separates the corporate network from the Internet. A firewall is simply a boundary between the Internet and the internal network.
