Description

Redundant Links

Implementing redundant links at the core layer ensures that network devices can find alternate paths to

send data in the event of a failure. When Layer 3 devices are placed at the core layer, these redundant

links can be used for load balancing addition to providing backup.

Security at the Network Edge

Many of the security risks that occur at the access layer of the network result from poorly secured

end devices. User error and carelessness account for a significant number of network security breaches.

Three types of common security risks that occur at the access layer are as follows:

•  Viruses
•  Worms
•  Trojan horses

Providing adequate security for end devices may not be in the scope of a network design project.

Nevertheless, the designer needs to understand the network impact of a security incident, such as a

worm or a Trojan, at an end device. The designer can then better determine which network security

measures to put in place to limit the effects on the network.

Permitting network access to only known or authenticated devices limits the ability of intruders to enter

the network. It is important to apply wireless security measure that follows recommended practices.

Today's networks are more likely to face an attack originating from the access layer of the internal

network than from external sources. Thus, the design of server farm security is different from the older

DMZ model. A layer of firewall features and intrusion protection is required between the servers and the

internal networks, and between the servers and the external users. An additional security layer between

the servers may also be required.

The sensitivity of data stored on the servers and contained in the transactions traveling the network

determines the appropriate security policy for the design of the server farm.

To achieve high availability, servers are redundantly connected to two separate switches at the access

layer. This redundancy provides pa path from the server to the secondary switch if the primary switch

fails. Devices at the distribution and core layers of the server farm network are also redundancy and

failover.

Because these servers will form the foundation of our network management and security, we will want

to create a separate management VLAN which is isolated from the resto fo the network by a firewall or

access lists. The rest of the network by a firewall or access lists. The only traffic that we will allow in the

management network is either from the managed devices or protected by encryption.