There is no definitive blueprint for designing a secure network; network security has to be custom-tailored to fit the needs of your network, not anyone else's. Consider, for example, a midsize law firm network. The firm may have a special case information system that gives lawyers access to the firm's cases while they are on the road. In the office, the firm no doubt provides all staff with a connection to the Internet. Network security for such a firm would need to allow access to the case information system for authorized users on the outside of the network, while simultaneously ensuring that full access to the Internet is always available to staff on the inside of the network.
Contrast such a firm with a standard public library whose bibliographic database needs to be made available to all users, both on the Internet and in the library. Good network security protects your network in a manner that is consistent with its purpose. That being said, it is important to look at network security from as many angles as possible.
Protect the Internal Network from the Outside
One of the most important weapons in the constant battle against attacks from the Internet is a firewall. Firewalls protect your internal network from all those on the Internet who might damage it. Firewalls can range from a few lines of configuration code on a router to a multi-purpose machine that will provide content filtering, web caching and virus protection as well as the standard protection against attackers.
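The law firm and library described above need different rule sets on the same kind of firewall. The sketch below is an added example, not part of the original article: it evaluates new connections against a first-match, default-deny rule list for each site. The addresses, the VPN address pool, and the use of port 443 are assumptions made up for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption for illustration; not from the article).
ANY = ip_network("0.0.0.0/0")
INSIDE = ip_network("10.0.0.0/24")        # internal LAN
VPN_POOL = ip_network("10.0.99.0/24")     # addresses given to authenticated VPN users
CASE_SERVER = ip_network("10.0.0.10/32")  # law firm's case information system
CATALOG = ip_network("192.0.2.20/32")     # library's bibliographic database

# Each rule: (source network, destination network, port or None for any, action).
LAW_FIRM = [
    (VPN_POOL, CASE_SERVER, 443, "allow"),  # lawyers on the road, via VPN only
    (INSIDE, ANY, None, "allow"),           # staff get full Internet access
]
LIBRARY = [
    (ANY, CATALOG, 443, "allow"),           # database open to Internet and in-library users
    (INSIDE, ANY, None, "allow"),           # in-library machines reach the Internet
]

def decide(rules, src, dst, port):
    """Decide a new connection: first matching rule wins, no match means deny.

    Only connection initiation is modelled; a stateful firewall would pass
    the replies to a connection it has already allowed.
    """
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, rule_port, action in rules:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

if __name__ == "__main__":
    probes = [  # constructed sample connections
        ("203.0.113.7", "10.0.0.10", 443),
        ("10.0.99.5", "10.0.0.10", 443),
        ("203.0.113.7", "192.0.2.20", 443),
    ]
    for name, rules in (("law firm", LAW_FIRM), ("library", LIBRARY)):
        for probe in probes:
            print(name, probe, decide(rules, *probe))
```

Because nothing is allowed unless a rule says so, the law firm's case server is reachable only from the VPN pool, while the library's database is reachable from anywhere but only on its one published port.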
Protect the Internal Network from the Inside
It is a well-known fact that most network security breaches come from within a network, not from the outside. Breaches range from viruses unleashed by patrons to unintentional damage caused by curious staff. Protect your client workstations by using authentication, anti-virus software, and desktop security software (for more, see About Workstation Security). Also consider physically separating public and staff LANs by means of separate cabling for each network or virtual LAN switches (see VLAN Information).
Protect Access Points
Be sure to know all the access points into your network. For instance, if your network requires remote access connections, you should purchase a firewall with VPN capabilities. Products such as these will not only create a remote access connection but will protect it as well. Additionally, network connectivity is becoming increasingly ubiquitous, sometimes via technologies with less than well-developed security capabilities, such as wireless technologies. It is important to know all access points into your network and how secure they are.