Designing a Network with Segmentation

Contributed by Timothy Buns
 
Network design involves many different angles, and implementing a new network or redesigning an existing one takes careful planning. This paper looks, from a logical point of view, at how to separate the different parts of a network. Almost any network is going to include a data center that includes servers. However, there may be different use cases for those servers, such as web servers that need to be internet accessible, or databases that should be kept secured. There are also different types of users, and even devices, that should be taken into consideration when deciding how to group different functional units together. Because there is no one-size-fits-all blueprint, a design can sometimes get out of hand and become too specific, and of course this will depend on the company. There are many different ways to design a network in terms of segmentation. Using Virtual Local Area Networks (VLANs) is the most relevant avenue for doing this. However, one of the challenges is how and where to use VLANs. In this paper, the different methods will be discussed, along with which is deemed to be best practice. We will look at some of the common methodologies used and the pros and cons of each. In addition to how to properly segment a network, we will also look at how to increase security by using techniques in conjunction with grouping different members of the network. The basic principle of granting the least amount of access can help protect against possible breaches and minimize damage if one were to occur.
This document is in PDF format. To view it click here.
