Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Resources > Lectures > Le cloisonnement de réseaux
Go to: HSC Trainings
Version française
o Skills & Expertise
o Consulting
o ISO 27001 services
o Vulnerabilities monitoring
o Audit & Assessment
o Penetration tests
o Vunerability assessment (TSAR)
o Forensics
o Training courses
o E-learning
o Agenda
o Past events
o Tutorials
o Thematic index
o Tips
o Lectures
o Courses
o Articles
o Tools (download)
o Vulnerability watch
o Hervé Schauer
o Team
o Job opportunities
o Credentials
o History
o Partnerships
o Associations
   Press and
o HSC Newsletter
o Press review
o Press releases
o Publications
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
|>|Le cloisonnement de réseaux  
> Access to the content HTML Beginning of the presentation  
> Description The security of the perimeter was the first concern in network security. Many sites installed security mechanisms of the firewall type, or at least TCP/IP filters, on their Internet connection. It is now necessary to taker care of the security of the internal network, and to set up security between the various entities: students, laboratories, administration for example. For that, it is not necessary to add security devices, but simply to organize oneself to partition the network by using the existing hardware.  
> Context & Dates Talk made during an INS evening meeting (San Mateo, California), on 18 August 1999.
> Author Hervé Schauer (Herve.Schauer@hsc.fr) 
> Type 72 slides [ English - HTML ]  
> Abstract &
Table of content

Effective solution

Network Partitioning
What is Network Partitioning?
Typical applications
Why Network Partitioning versus others security techniques?
Does Network Partitioning satisfy everyone?
When use and advice Network Partitioning?
Performance issues of Network Partitioning
Limitations of Network Partitioning
Future of Network Partitioning

Policy-based network security management
Policy trends
Security policy
User policy
Network access security policy
Abstraction level
Application layer controls
VLANs, VPNs & IPsec management

Service Flow
Security Policy Enforcement Point (SPEP)
Security policy enforcement at network layer vs. application layer

Partitioning process
Case with internal NOC within the company
Case with network service provider
Determine domains to partition
Determine service flows between domains
Apply the security policy on the service flows
Apply the service flows on filtering devices
Audit & validate the filtering devices screening rules
Update the service flows drawings

Security Office
Network Operation Center

Hardware & Software
Filtering Devices
Policy Definition Tool & filter generation
First configuration set-up

Cases studies
Internet security
Internet & extranet security
E-Commerce platform
Community ISP
Industry meshed network
Industry meshed & branches network
Bank branches network

References & resources  

> Related documents
themeNetwork Partitionning
[Presentation]  Deperimetrization or not ? [22 November 2007 - French]
[Presentation]  Network security stakes [14 October 2004 - French]
[Article]  Networks Security [25 July 2000 - French]
[Presentation]  Distributed Network Security [12 May 2000 - English]
[Presentation]  Distributed Network Security [15 December 1999 - English]
[Presentation]  Distributed Network Security - From Firewall to Network Partitioning [30 November 1999 - French]
[Article]  Distributed Network Security - From the Firewall to Network Partitionning [November 1999 - French]
[Article]  Network Partitioning [August 1997 - French]
[Presentation]  Private networks partitioning [8 July 1997 - French]
[Presentation]  Intranets partitioning [June 1997 - French]
> Copyright © 1999, Hervé Schauer Consultants, all rights reserved.


Last modified on 17 April 2002 at 17:37:59 CET - webmaster@hsc.fr
Information on this server - © 1989-2010 Hervé Schauer Consultants