Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Hervé Schauer Consultants
Distributed Network Security
> Description Perimeter security was the first concern in network security: many sites installed firewall-type security mechanisms, or at least TCP/IP filters, on their Internet connection. It is now necessary to take care of the security of the internal network and to set up security between its various entities, for example students, laboratories, and administration. This does not require adding security devices, only organizing to partition the network using the existing hardware.
> Context & Dates Talk given at an INS evening meeting (San Mateo, California, 15 December 1999) and at SANS 2000 (Orlando, 23 March 2000).
> Author Hervé Schauer (Herve.Schauer@hsc.fr) 
> Type 92 slides [ English - HTML ]  
> Abstract & Table of contents

Effective solution

Network Partitioning Overview
What is Network Partitioning?
Typical applications
Why Network Partitioning versus other security techniques?
Does Network Partitioning satisfy everyone?
When to use and advise Network Partitioning?
Performance issues of Network Partitioning
Scalability of Network Partitioning
Limitations of Network Partitioning
Application layer controls
Network Partitioning & Intrusion Detection Systems
VLANs, VPNs & IPsec management
Future of Network Partitioning

Network Partitioning Concepts
Service Flow
Security Policy Enforcement Point (SPEP)
Security policy enforcement at network layer vs. application layer
Fragmented, Device-Based vs. Centralized, Policy-Based Network Security Management

Policy-Based Network Security Management
Policy trends & terminology
Security policy
Network access security policy
User policy
What is Policy-Based Network Security Management?
How to go to Policy-Based Network Security Management?
Abstraction level

Partitioning process
Case with internal NOC within the company
Case with network service provider
Determine domains to partition
Determine service flows between domains
Apply the security policy on the service flows
Apply the service flows on filtering devices
Audit & validate the filtering devices screening rules
Update the service flows drawings

Security Office
Network Operation Center

Hardware & Software
Filtering Devices
Policy Definition Tool & filter generation
First configuration set-up

Case studies
Internet security
Internet & extranet security
E-Commerce platform
Community ISP
Industry meshed network
Industry meshed & branches network
Bank branches network

References & resources  

> Related documents
Theme: Network Partitioning
[Presentation]  Deperimetrization or not? [22 November 2007 - French]
[Presentation]  Network security stakes [14 October 2004 - French]
[Article]  Networks Security [25 July 2000 - French]
[Presentation]  Distributed Network Security [12 May 2000 - English]
[Presentation]  Distributed Network Security - From Firewall to Network Partitioning [30 November 1999 - French]
[Article]  Distributed Network Security - From the Firewall to Network Partitioning [November 1999 - French]
[Presentation]  Le cloisonnement de réseaux [18 August 1999 - English]
[Article]  Network Partitioning [August 1997 - French]
[Presentation]  Private networks partitioning [8 July 1997 - French]
[Presentation]  Intranets partitioning [June 1997 - French]
> Copyright © 1999, Hervé Schauer Consultants, all rights reserved.


Last modified on 17 April 2002 at 16:46:59 CET - webmaster@hsc.fr
Information on this server - © 1989-2010 Hervé Schauer Consultants